{ "public_date" : "2023-08-22T00:00:00Z", "bugzilla" : { "description" : "json-c: stack-buffer-overflow in parseit() in json_parse.c", "id" : "2235514", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2235514" }, "cvss3" : { "cvss3_base_score" : "0.0", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status" : "draft" }, "cwe" : "CWE-121->CWE-125", "details" : [ "An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.", "A flaw was found in the parseit() function in json_parse.c., a test app in the json-c library. The code error does not affect the library itself." ], "statement" : "Vulnerable code was introduced in json-c 0.15-20200726. Red Hat Enterprise Linux ships json-c-0.14-11 and prior, therefore, it is not-affected.\nThis issue affects a test app and not the library itself, which lowers the impact of the flaw to none.", "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "json-c", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "json-c", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "json-c", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "json-c", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2021-32292\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-32292\nhttps://github.com/json-c/json-c/commit/4e9e44e5258dee7654f74948b0dd5da39c28beec\nhttps://github.com/json-c/json-c/issues/654#issuecomment-670437005" ], "name" : "CVE-2021-32292", "csaw" : false }