[Debian] Critical CVE: CVE-2021-32292 json-c: a stack-buffer-overflow

Bug #2033581 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Wentao Zhang
Milestone: (not set)

Bug Description

CVE-2021-32292: https://nvd.nist.gov/vuln/detail/CVE-2021-32292

An issue was discovered in json-c through 0.15-20200726. A stack-buffer-overflow exists in the function parseit located in json_parse.c. It allows an attacker to cause code execution.

Base Score: Critical

Reference:

['libjson-c5_0.15-2_amd64.deb===>libjson-c5_0.15-2+deb11u1_amd64.deb']
https://www.debian.org/security/2023/dsa-5486

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/895243

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/895243
Committed: https://opendev.org/starlingx/tools/commit/2af4185138df166f70b2c0f999bcfb41679f78b4
Submitter: "Zuul (22348)"
Branch: master

commit 2af4185138df166f70b2c0f999bcfb41679f78b4
Author: Wentao Zhang <email address hidden>
Date: Fri Sep 15 10:27:35 2023 +0800

    Debian: package : fix CVE-2021-32292

    Upgrade libjson-c5 to 0.15-2+deb11u1
    Upgrade libjson-c-dev to 0.15-2+deb11u1

    Refer to:
    https://nvd.nist.gov/vuln/detail/CVE-2021-32292

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2033581

    Change-Id: I24d4e0b2c4c9c50b5e3b6fb0e22202ddda55d77d
    Signed-off-by: Wentao Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
Ghada Khalil (gkhalil)
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)