Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU. Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Public via: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
Created json-c tracking bugs for this issue: Affects: fedora-all [bug 1085676] Affects: epel-all [bug 1085677]
json-c-0.11-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
json-c-0.11-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 7 Via RHSA-2014:0703 https://rhn.redhat.com/errata/RHSA-2014-0703.html