akheron/jansson

akheron/jansson

Releases33

Frequency6 months 4 days

Last Release 4 months ago

Stars3.34K

C library for encoding, decoding and manipulating JSON data

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-36325 ↗	Apr 26, 2021Monday, 26 April 2021, 18:15	7.5 HIGH	5 MEDIUM
An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification
CVE-2016-4425 ↗	May 17, 2016Tuesday, 17 May 2016, 14:08	6.5 MEDIUM	5 MEDIUM
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
CVE-2013-6401 ↗	Mar 21, 2014Friday, 21 March 2014, 01:04	—	5 MEDIUM
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.