1
PublicDateAtUSN: 2014-04-08
2
Candidate: CVE-2013-6371
6
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6371
7
https://usn.ubuntu.com/usn/usn-2245-1
9
The hash functionality in json-c before 0.12 allows context-dependent
10
attackers to cause a denial of service (CPU consumption) via crafted JSON
11
data, involving collisions.
15
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744008
16
https://bugzilla.redhat.com/show_bug.cgi?id=1032311
17
https://bugs.launchpad.net/ubuntu/+source/json-c/+bug/1311397
19
Discovered-by: Florian Weimer
23
upstream: https://github.com/json-c/json-c/commit/64e36901a0614bf64a19bc3396469c66dcd0b015
24
upstream_json-c: released (0.11-4)
25
lucid_json-c: ignored (reached end-of-life)
26
precise_json-c: released (0.9-1ubuntu1.1)
27
quantal_json-c: ignored (reached end-of-life)
28
saucy_json-c: released (0.11-2ubuntu1.2)
29
trusty_json-c: released (0.11-3ubuntu1.2)
30
devel_json-c: not-affected (0.11-4ubuntu1)