Thursday, May 23, 2024

[USN-6784-1] cJSON vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEhC9y9XdAFQPCvYXchGmXSGiknnUFAmZPY90FAwAAAAAACgkQhGmXSGiknnXt
YhAAtPW66lyhP/4RDvPsRfueECUW5HoGpGOtginiOHENjjh6oQvRN/WQNBh3BOl4+7vH+72arhUZ
hLeTULo6c0Zlld5FPzLXjrjDntmd/44fV+leTeLBkfFVBcJJFSvlIZ6HC3yJALDWxGs9SMIB68JZ
AY80bgGzO1BGjrkknWYgjY2MK0Y+sws4j2s54M3UP0UjDpUpFUW9v+yrJcSKbowKymc3e2sPpUTt
FmpzJlimKTU1pgCnCD61kqIGjhifsFDJuwOuy7a3r9TiJVeXt80zXriHtsF0IaHKt6zkPtBTJ+A4
svCfJrW5lzV99KtpBsJK/4a5iJbadhNcPT9yn401r+rKmaqn1/jvFL4YxNUHBqa1c9EJ4FaNuqOK
0PdCI75P/lVb/PpACIo26NXGPx1p+X1/Y8wlLxt5HYXyFU7HjRBVgh3uFfeVQF8kE4rAn41ENjQq
G7557cMrk5+YDbiCSJK5A0hgLPSx70U3InjmdMIvur5hexcCwY0ve6A2R2m0z2k35+y8sgcB1QS5
rIc6U8IX6URZeXyvCT6MGDODg7qdlVc5IYlofqDo4UCAafmNsYRjvtoO5Zqghizk+QFzR6eb7b1F
MygJk+AmE5tswUxJeiQ6HWbMLw1emQb/ZfVIl1MGfPpASRTflwaDpEu/B8uQp7/+UNGQ4+hx3dqS
/GQ=
=34xa
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-6784-1
May 23, 2024

cjson vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS

Summary:

cJSON could be made to crash if it received specially crafted
input.

Software Description:
- cjson: Ultralightweight JSON parser in ANSI C (development files)

Details:

It was discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. This issue only affected Ubuntu 22.04 LTS and
Ubuntu 23.10. (CVE-2023-50471, CVE-2023-50472)

Luo Jin discovered that cJSON incorrectly handled certain input. An
attacker could possibly use this issue to cause cJSON to crash, resulting
in a denial of service. (CVE-2024-31755)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
libcjson1 1.7.17-1ubuntu0.1~esm2
Available with Ubuntu Pro

Ubuntu 23.10
libcjson1 1.7.16-1ubuntu0.2

Ubuntu 22.04 LTS
libcjson1 1.7.15-1ubuntu0.1~esm2
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-6784-1
CVE-2023-50471, CVE-2023-50472, CVE-2024-31755

Package Information:
https://launchpad.net/ubuntu/+source/cjson/1.7.16-1ubuntu0.2

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)