Headline
CVE-2021-45958: oss-fuzz-vulns/OSV-2021-955.yaml at main · google/oss-fuzz-vulns
UltraJSON (aka ujson) through 5.1.0 has a stack-based buffer overflow in Buffer_AppendIndentUnchecked (called from encode). Exploitation can, for example, use a large amount of indentation.
id: OSV-2021-955
summary: Stack-buffer-overflow in Buffer_AppendIndentUnchecked
details: |
  OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
  ```
  Crash type: Stack-buffer-overflow WRITE 1
  Crash state:
  Buffer_AppendIndentUnchecked
  encode
  encode
  ```
modified: '2022-05-19T00:45:08.957102Z'
published: '2021-07-11T00:01:05.153778Z'
references:
- type: REPORT
  url: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=36009
affected:
- package:
    name: ujson
    ecosystem: PyPI
  ranges:
  - type: GIT
    repo: https://github.com/ultrajson/ultrajson.git
    events:
    - introduced: 0c52200eb4e2d97e548a765d5f089858c41967b0
    - fixed: f6860f1f3d8d4e92b9be0e5815355a8976c6e75b
    - fixed: 5525f8c9ef8bb879dadd0eb942d524827d1b0362
  versions:
  - 2.0.0
  - 2.0.1
  - 2.0.2
  - 2.0.3
  - 3.0.0
  - 3.1.0
  - 3.2.0
  - 4.0.0
  - 4.0.1
  - 4.0.2
  - 4.1.0
  - 4.2.0
  - 4.3.0
  - 5.0.0
  - 5.1.0
  - v1.34
  - v1.35
  ecosystem_specific:
    severity: HIGH
Related news
Ubuntu Security Notice 6629-3 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.
Ubuntu Security Notice 6629-2 - USN-6629-1 fixed vulnerabilities in UltraJSON. This update provides the corresponding updates for Ubuntu 20.04 LTS. It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.
Ubuntu Security Notice 6629-1 - It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory.