CVE-2020-12762

HIGH

json-c <0.14 - Buffer Overflow

Title source: llm

Description

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

References (16)

Core References
Third Party Advisory (vendor-advisory): https://usn.ubuntu.com/4360-1/
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
Third Party Advisory (vendor-advisory): https://usn.ubuntu.com/4360-4/
Third Party Advisory (vendor-advisory): https://security.gentoo.org/glsa/202006-13
Mailing List, Third Party Advisory (mailing-list): https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
Third Party Advisory (vendor-advisory): https://www.debian.org/security/2020/dsa-4741
Exploit, Patch, Third Party Advisory: https://github.com/json-c/json-c/pull/592

Scores

CVSS v3: 7.8
EPSS: 0.0028
EPSS Percentile: 51.4%
Attack Vector: LOCAL
Vector string: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: total

Details

CWE: CWE-190, CWE-787
Status: published
Products (15)
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 16.04
canonical/ubuntu_linux 18.04
canonical/ubuntu_linux 19.10
canonical/ubuntu_linux 20.04
debian/debian_linux 8.0
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 30
... and 5 more
Published May 09, 2020
Tracked Since Feb 18, 2026