CVE-2016-4425

MEDIUM

Jansson <2.7 - DoS

Title source: llm

Description

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.

References (7)

[Patch] https://github.com/akheron/jansson/issues/282

[Patch] https://github.com/akheron/jansson/pull/284

[Patch] https://github.com/akheron/jansson/pull/284/commits/64ce0ad3731ebd77e02897b07920eadd0e2cc318

[Third Party Advisory] http://www.debian.org/security/2015/dsa-3577

[Mailing List] http://www.openwall.com/lists/oss-security/2016/05/01/5

[Mailing List] http://www.openwall.com/lists/oss-security/2016/05/02/1

[Mailing List] http://www.openwall.com/lists/oss-security/2016/05/03/3

Scores

CVSS v3 6.5

EPSS 0.0101

EPSS Percentile 76.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Classification

CWE

CWE-674 CWE-20

Status draft

Affected Products (1)

jansson_project/jansson < 2.7

Timeline

Published May 17, 2016

Tracked Since Feb 18, 2026