json-cproject json-c CVE-2020-12762 vulnerability in Json Cproject and Other Products
Published on May 9, 2020

product logo product logo product logo product logo product logo
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Vulnerability Analysis

CVE-2020-12762 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
REQUIRED
Scope:
UNCHANGED
Confidentiality Impact:
HIGH
Integrity Impact:
HIGH
Availability Impact:
HIGH

Weakness Type

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2020-12762 has been classified to as a Memory Corruption vulnerability or weakness.


Products Associated with CVE-2020-12762

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-12762 are published in these products:

Json Cproject Json C
 
Fedora Project Fedora
 
Debian Linux
 
Canonical Ubuntu Linux
 
Siemens Sinec Ins
 
Json C
 

Exploit Probability

EPSS
0.28%
Percentile
51.04%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.