Jansson Project : Security Vulnerabilities, CVEs,
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
Max CVSS
7.5
EPSS Score
0.92%
Published
2016-05-17
Updated
2016-05-19
** DISPUTED ** An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification.
Max CVSS
7.5
EPSS Score
0.16%
Published
2021-04-26
Updated
2021-05-04
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
Max CVSS
5.0
EPSS Score
0.16%
Published
2014-03-21
Updated
2014-05-23
3 vulnerabilities found