CVE Vulnerabilities

CVE-2013-6401

Published: Mar 21, 2014 | Modified: May 23, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
5 MODERATE
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
MEDIUM

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.

Affected Software

Name Vendor Start Version End Version
Jansson Jansson_project * 2.4 (including)
Jansson Jansson_project 2.0 (including) 2.0 (including)
Jansson Jansson_project 2.0.1 (including) 2.0.1 (including)
Jansson Jansson_project 2.1 (including) 2.1 (including)
Jansson Jansson_project 2.2 (including) 2.2 (including)
Jansson Jansson_project 2.2.1 (including) 2.2.1 (including)
Jansson Jansson_project 2.3 (including) 2.3 (including)
Jansson Jansson_project 2.3.1 (including) 2.3.1 (including)
Jansson Ubuntu precise *
Jansson Ubuntu quantal *
Jansson Ubuntu saucy *
Jansson Ubuntu trusty *
Jansson Ubuntu trusty/esm *
Jansson Ubuntu upstream *

References