Json C
CVE-2013-6371
MEDIUM
Severity by source
AV:N/AC:L/Au:N/C:N/I:N/A:P
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:N/AC:L/Au:N/C:N/I:N/A:P
Lifecycle Timeline
1DescriptionCVE.org
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions.
AnalysisAI
The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.
Technical ContextAI
This vulnerability is classified under CWE-310. The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted JSON data, involving collisions. Affected products include: Json-C, Fedoraproject Fedora. Version information: before 0.12.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_m
Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unsp
Same weakness CWE-310 – Cryptographic Issues
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today