CVE-2016-4303: Fix a buffer overflow / heap corruption issue that could occur if a · esnet/iperf@91f2fa5

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.
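
The defensive pattern for this class of bug, as an added C sketch that is not code from cJSON or iperf3: a `\u` escape is consumed only after all four following bytes are confirmed to be hex digits, and every write is checked against the output capacity. The names `hex4` and `decode_json_string`, the fixed-capacity interface, and the choice to reject surrogates and `\u0000` are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>

/* Return the value of exactly four hex digits at p, or -1 at the first
   non-hex byte. NUL and '"' are non-hex, so a short escape is never overrun. */
static long hex4(const char *p) {
    long v = 0;
    for (int i = 0; i < 4; i++) {
        char c = p[i];
        if (c >= '0' && c <= '9') v = (v << 4) | (c - '0');
        else if (c >= 'a' && c <= 'f') v = (v << 4) | (c - 'a' + 10);
        else if (c >= 'A' && c <= 'F') v = (v << 4) | (c - 'A' + 10);
        else return -1;
    }
    return v;
}

/* Decode a JSON string body (in points just past the opening quote) into
   out[cap]. Returns the decoded length, or -1 on malformed input or overflow. */
long decode_json_string(const char *in, char *out, size_t cap) {
    size_t n = 0;
    if (cap == 0) return -1;
    while (*in != '"') {
        unsigned char tmp[3];
        size_t k = 1;
        if (*in == '\0') return -1;                 /* unterminated string */
        if (*in != '\\') {
            tmp[0] = (unsigned char)*in++;
        } else if (in[1] == 'u') {
            long cp = hex4(in + 2);
            if (cp <= 0) return -1;                 /* non-hex, truncated, or \u0000 */
            if (cp >= 0xD800 && cp <= 0xDFFF) return -1; /* surrogates rejected (assumption) */
            in += 6;                                /* all six bytes were validated */
            if (cp < 0x80) tmp[0] = (unsigned char)cp;
            else if (cp < 0x800) { tmp[0] = (unsigned char)(0xC0 | (cp >> 6)); tmp[1] = (unsigned char)(0x80 | (cp & 0x3F)); k = 2; }
            else { tmp[0] = (unsigned char)(0xE0 | (cp >> 12)); tmp[1] = (unsigned char)(0x80 | ((cp >> 6) & 0x3F)); tmp[2] = (unsigned char)(0x80 | (cp & 0x3F)); k = 3; }
        } else {
            const char *esc = "\"\\/bfnrt", *rep = "\"\\/\b\f\n\r\t";
            const char *hit = in[1] ? strchr(esc, in[1]) : NULL;
            if (!hit) return -1;                    /* unknown or truncated escape */
            tmp[0] = (unsigned char)rep[hit - esc];
            in += 2;
        }
        if (n + k >= cap) return -1;                /* keep one byte for the NUL */
        memcpy(out + n, tmp, k);
        n += k;
    }
    out[n] = '\0';
    return (long)n;
}
```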

Fix a buffer overflow / heap corruption issue that could occur if a malformed JSON string was passed on the control channel. This issue, present in the cJSON library, was already fixed upstream, so was addressed here in iperf3 by importing a newer version of cJSON (plus local ESnet modifications).

Discovered and reported by Dave McDaniel, Cisco Talos.

Based on a patch by @dopheide-esnet, with input from @DaveGamble.

Cross-references: TALOS-CAN-0164, ESNET-SECADV-2016-0001, CVE-2016-4303

(cherry picked from commit ed94082)

Signed-off-by: Bruce A. Mah [email protected]
