|
Message-id: <F0AF15DC-5C68-4A2F-A920-BC5750912A97@me.com>
Date: Wed, 10 Jun 2015 17:12:09 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: oss-security@...ts.openwall.com
Subject: CVE ID Request: Buffer overflow in ArduinoJson when parsing crafted
JSON strings
I recently discovered a buffer overflow weakness in the open source ArduinoJson library.
Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad.
This issue has already been made public, and a fix has been released by the project maintainer.
Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
Products: ArduinoJson
Affects: All versions prior to v4.5
Type: Buffer overflow
First CVE ID Request: Yes
Link to vulnerable source code or fix:
https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
Link to source code change log:
https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
Link to bug entry:
https://github.com/bblanchon/ArduinoJson/pull/81
Thanks in advance,
Giancarlo Canales Barreto
Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.