json-c: Buffer Overflow — GLSA 202408-08

A vulnerability has been discovered in json-c, which can lead to a stack buffer overflow.

Affected packages

dev-libs/json-c on all architectures
Affected versions < 0.16
Unaffected versions >= 0.16

Background

json-c is a JSON implementation in C.

Description

Please review the CVE identifier referenced below for details.

Impact

A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.

Workaround

There is no known workaround at this time.

Resolution

All json-c users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-libs/json-c-0.16"
 

References

Release date
August 07, 2024

Latest revision
August 07, 2024: 1

Severity
normal

Exploitable
remote

Bugzilla entries