Headline
CVE-2021-32292: A stack-buffer-overflow in json_parse.c:89:44 · Issue #654 · json-c/json-c
An issue was discovered in json-c through 0.15-20200726. A stack-buffer-overflow exists in the function parseit located in json_parse.c. It allows an attacker to cause code Execution.
cmake …-DCMAKE_CXX_FLAGS="-fsanitize=address -g" -DCMAKE_C_FLAGS="-fsanitize=address -g" -DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address"
=================================================================
==12668==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffea9c409b0 at pc 0x00000051747b bp 0x7ffea9c388b0 sp 0x7ffea9c388a8
READ of size 1 at 0x7ffea9c409b0 thread T0
#0 0x51747a in parseit /home/seviezhou/jsonc/apps/json_parse.c:89:44
#1 0x51747a in main /home/seviezhou/jsonc/apps/json_parse.c:182
#2 0x7fc02a77783f in __libc_start_main /build/glibc-e6zv40/glibc-2.23/csu/../csu/libc-start.c:291
#3 0x41a928 in _start (/home/seviezhou/jsonc/build/apps/json_parse+0x41a928)
Address 0x7ffea9c409b0 is located in stack of thread T0 at offset 33008 in frame
#0 0x51651f in main /home/seviezhou/jsonc/apps/json_parse.c:159
This frame has 3 object(s):
[32, 176) 'rusage.i.i.i' (line 42)
[240, 33008) 'buf.i' (line 52) <== Memory access at offset 33008 overflows this variable
[33264, 33408) 'rusage.i' (line 42)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/seviezhou/jsonc/apps/json_parse.c:89:44 in parseit
Shadow bytes around the buggy address:
0x1000553800e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x1000553800f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100055380100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100055380110: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100055380120: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100055380130: 00 00 00 00 00 00[f2]f2 f2 f2 f2 f2 f2 f2 f2 f2
0x100055380140: f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2 f2
0x100055380150: f2 f2 f2 f2 f2 f2 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8
0x100055380160: f8 f8 f8 f8 f8 f8 f8 f8 f3 f3 f3 f3 f3 f3 f3 f3
0x100055380170: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x100055380180: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==12668==ABORTINGRelated news
Gentoo Linux Security Advisory 202408-8 - A vulnerability has been discovered in json-c, which can lead to a stack buffer overflow. Versions greater than or equal to 0.16 are affected.
An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process. In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.
Debian Linux Security Advisory 5486-1 - An invalid memory access was discovered in json-c, a JSON library which could result in denial of service.
Ubuntu Security Notice 6310-1 - It was discovered that json-c incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a crash or execute arbitrary code.