Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-id: <09034647-4A0F-45A5-BD05-543844A711DF@me.com>
Date: Mon, 15 Jun 2015 21:03:45 -0400
From: Giancarlo Canales <gcanalesb@...com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE ID Request: Buffer overflow in ArduinoJson when parsing
 crafted JSON strings

Any update on a possible CVE for this issue?

Thanks,


Giancarlo Canales Barreto

> On Jun 10, 2015, at 5:12 PM, Giancarlo Canales <gcanalesb@...com> wrote:
> 
> I recently discovered a buffer overflow weakness in the open source ArduinoJson library.
> Several IoT projects are using this library, and a CVE number would help ensure traceability of the issue abroad.
> 
> This issue has already been made public, and a fix has been released by the project maintainer.
> 
> Title: Buffer overflow in ArduinoJson when parsing crafted JSON strings
> Products: ArduinoJson
> Affects: All versions prior to v4.5
> Type: Buffer overflow
> First CVE ID Request: Yes
> 
> Link to vulnerable source code or fix:
> https://github.com/bblanchon/ArduinoJson/commit/5e7b9ec688d79e7b16ec7064e1d37e8481a31e72
> 
> Link to source code change log:
> https://github.com/bblanchon/ArduinoJson/blob/master/CHANGELOG.md
> 
> Link to bug entry:
> https://github.com/bblanchon/ArduinoJson/pull/81
> 
> Thanks in advance,
> 
> 
> Giancarlo Canales Barreto


Download attachment "signature.asc" of type "application/pgp-signature" (843 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.