Red Hat Bugzilla – Bug 1032322
CVE-2013-6370 json-c: buffer overflow if size_t is larger than int
Last modified: 2015-11-25 05:04:50 EST
Florian Weimer reported that the printbuf APIs used in the json-c library used ints for counting buffer lengths, which is inappropriate for 32bit architectures. These functions need to be changed to using size_t if possible for sizes, or to be hardened against negative values if not. This could be used to cause a denial of service in an application linked to the json-c library.
This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Created json-c tracking bugs for this issue:
Affects: fedora-all [bug 1085676]
Affects: epel-all [bug 1085677]
json-c-0.11-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
json-c-0.11-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 7
Via RHSA-2014:0703 https://rhn.redhat.com/errata/RHSA-2014-0703.html