ID CVE-2013-6371
Summary The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
References
Vulnerable Configurations
  • cpe:2.3:a:json-c:json-c:-:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.10-20120530:*:*:*:*:*:*:*
  • cpe:2.3:a:json-c:json-c:0.11-20130402:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 25-09-2023 - 02:30)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 1032322
title CVE-2013-6370 json-c: buffer overflow if size_t is larger than int
oval
OR
  • comment Red Hat Enterprise Linux must be installed
    oval oval:com.redhat.rhba:tst:20070304026
  • AND
    • comment Red Hat Enterprise Linux 7 is installed
      oval oval:com.redhat.rhba:tst:20150364027
    • OR
      • AND
        • comment json-c is earlier than 0:0.11-4.el7_0
          oval oval:com.redhat.rhsa:tst:20140703001
        • comment json-c is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140703002
      • AND
        • comment json-c-devel is earlier than 0:0.11-4.el7_0
          oval oval:com.redhat.rhsa:tst:20140703003
        • comment json-c-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140703004
      • AND
        • comment json-c-doc is earlier than 0:0.11-4.el7_0
          oval oval:com.redhat.rhsa:tst:20140703005
        • comment json-c-doc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20140703006
rhsa
id RHSA-2014:0703
released 2014-06-10
severity Moderate
title RHSA-2014:0703: json-c security update (Moderate)
rpms
  • json-c-0:0.11-4.el7_0
  • json-c-debuginfo-0:0.11-4.el7_0
  • json-c-devel-0:0.11-4.el7_0
  • json-c-doc-0:0.11-4.el7_0
refmap via4
bid 66715
confirm
fedora FEDORA-2014-5006
mandriva MDVSA-2014:079
secunia 57791
xf jsonc-cve20136371-dos(92541)
Last major update 25-09-2023 - 02:30
Published 22-04-2014 - 13:06
Last modified 25-09-2023 - 02:30