Description
JSON-C implements a reference counting object model that allows you to
easily construct JSON objects in C, output them as JSON-formatted strings,
and parse JSON-formatted strings back into the C representation of
JSON objects.
Multiple buffer overflow flaws were found in the way the json-c library
handled long strings in JSON documents. An attacker able to make an
application using json-c parse excessively large JSON input could cause the
application to crash. (CVE-2013-6370)
A denial of service flaw was found in the implementation of hash arrays in
json-c. An attacker could use this flaw to make an application using json-c
consume an excessive amount of CPU time by providing a specially crafted
JSON document that triggers multiple hash function collisions. To mitigate
this issue, json-c now uses a different hash function and randomization to
reduce the chance of an attacker successfully causing intentional
collisions. (CVE-2013-6371)