Bug 610877 (CVE-2010-1666) - CVE-2010-1666 python-cjson: Buffer overflow (crash) when encoding wide Unicode characters on UTF-32/UCS-4
Summary: CVE-2010-1666 python-cjson: Buffer overflow (crash) when encoding wide Unicod...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2010-1666
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 610881
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-07-02 16:30 UTC by Jan Lieskovsky
Modified: 2021-11-04 16:14 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-06-10 10:57:04 UTC
Embargoed:

Attachments (Terms of Use)
And local copy of Ubuntu patch (3.36 KB, application/x-gzip)
2010-07-02 16:38 UTC, Jan Lieskovsky 		no flags Details
View All

Description Jan Lieskovsky 2010-07-02 16:30:46 UTC 
Matt Giuca noticed a possibility of buffer overflow, present in Python
JSON encoder/decoder, when encoding wide Unicode characters on UTF-32/UCS-4.
A remote attacker could create a specially-crafted Python script, which once
launched by local, unsuspecting user could lead to denial of service
(application using Python JSON encoder / decoder crash).

References:
  [1] https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274

Public PoC (from [1]):
  [2] cjson.encode(u'\U0001D11E\U0001D11E\U0001D11E\U0001D11E\u1234\u1234\u1234\u1234\u1234\u1234')

Patch applied by Ubuntu:
  [3] https://launchpad.net/ubuntu/hardy/+source/python-cjson/1.0.5-1ubuntu0.8.04.1/+files/python-cjson_1.0.5-1ubuntu0.8.04.1.diff.gz
Comment 1 Jan Lieskovsky 2010-07-02 16:38:00 UTC 
Created attachment 429108 [details]
And local copy of Ubuntu patch
Comment 2 Jan Lieskovsky 2010-07-02 16:39:52 UTC 
This issue affects the versions of the python-cjson package,
as shipped with Fedora releases of 12 and 13.

This issue affects the versions of the python-cjson package,
as present within EPEL-5 repository.

Please fix.
Comment 3 Jan Lieskovsky 2010-07-02 16:40:46 UTC 
Created python-cjson tracking bugs for this issue

Affects: fedora-all [bug 610881]
Comment 4 Product Security DevOps Team 2019-06-10 10:57:04 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Note You need to log in before you can comment on or make changes to this bug.