1903723 – (CVE-2020-9861) CVE-2020-9861 swift: stack overflow issue via nested malicious JSON input

Bug 1903723 (CVE-2020-9861) - CVE-2020-9861 swift: stack overflow issue via nested malicious JSON input

Summary: CVE-2020-9861 swift: stack overflow issue via nested malicious JSON input

Keywords:
Status:	CLOSED NOTABUG
Alias:	CVE-2020-9861
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1904263 1904264
Blocks:	1903725
TreeView+	depends on / blocked

Reported:	2020-12-02 17:14 UTC by Dhananjay Arunesh
Modified:	2020-12-04 09:09 UTC (History)
CC List:	9 users (show)
Fixed In Version:	swift-lang 5.1.5
Clone Of:
Environment:
Last Closed:	2020-12-04 09:09:15 UTC
Embargoed:

Attachments	(Terms of Use)

Description Dhananjay Arunesh 2020-12-02 17:14:38 UTC

A stack overflow issue existed in Swift for Linux. The issue was addressed with improved input validation for dealing with deeply nested malicious JSON input.

https://forums.swift.org/t/swift-5-1-5-for-linux-jsonserialization-limit-recursion-when-parsing/34514

Comment 2 Doran Moppert 2020-12-03 23:19:28 UTC

This is the swift programming language, not swift object storage.

Comment 3 Doran Moppert 2020-12-03 23:20:37 UTC

Created swift-lang tracking bugs for this issue:

Affects: epel-8 [bug 1904264]
Affects: fedora-all [bug 1904263]

Comment 4 Product Security DevOps Team 2020-12-04 09:09:15 UTC

This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-9861

Note You need to log in before you can comment on or make changes to this bug.