Vulnerability Details : CVE-2016-4425
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
Vulnerability category: Input validation, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2016-4425
Probability of exploitation activity in the next 30 days: 0.92%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 81 %
CVSS scores for CVE-2016-4425
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST |
7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST |
CWE ids for CVE-2016-4425
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-4425
- http://www.debian.org/security/2015/dsa-3577
  Debian -- Page not found
- http://www.openwall.com/lists/oss-security/2016/05/01/5
  oss-security - CVE Request: Jansson: stack exhaustion parsing a JSON file
- https://github.com/akheron/jansson/pull/284/commits/64ce0ad3731ebd77e02897b07920eadd0e2cc318
  Fix for issue #282 by dev-zzo · Pull Request #284 · akheron/jansson · GitHub
- http://www.openwall.com/lists/oss-security/2016/05/02/1
  oss-security - Re: CVE Request: Jansson: stack exhaustion parsing a JSON file
- http://www.openwall.com/lists/oss-security/2016/05/03/3
  oss-security - Re: CVE Request: Jansson: stack exhaustion parsing a JSON file
- https://github.com/akheron/jansson/pull/284
  Fix for issue #282 by dev-zzo · Pull Request #284 · akheron/jansson · GitHub (Patch)
- https://github.com/akheron/jansson/issues/282
  Stack exhaustion parsing a JSON file · Issue #282 · akheron/jansson · GitHub (Patch)
Products affected by CVE-2016-4425
- cpe:2.3:a:jansson_project:jansson:*:*:*:*:*:*:*:*