Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Jansson | Jansson_project | 2.0 | 2.0 |
Jansson | Jansson_project | 2.2.1 | 2.2.1 |
Jansson | Jansson_project | 2.3.1 | 2.3.1 |
Jansson | Jansson_project | 2.3 | 2.3 |
Jansson | Jansson_project | 2.2 | 2.2 |
Jansson | Jansson_project | 2.1 | 2.1 |
Jansson | Jansson_project | * | 2.4 |
Jansson | Jansson_project | 2.0.1 | 2.0.1 |