[3.5] jansson: stack exhaustion parsing a JSON file (CVE-2016-4425)
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
References:
http://www.openwall.com/lists/oss-security/2016/05/01/5
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4425
Patch:
https://github.com/akheron/jansson/commit/64ce0ad3731ebd77e02897b07920eadd0e2cc318
(from redmine: issue id 5790, created on 2016-06-24, closed on 2016-07-07)
- Relations:
- parent #5789 (closed)
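
Added example, not part of the original ticket or of Jansson's code: for applications that cannot yet move off an affected Jansson version, one mitigation is to reject over-deep input before handing it to the recursive parser. The function name `json_depth_within` and the limit `MAX_DEPTH` are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

#define MAX_DEPTH 2048  /* assumed limit for this example; tune per application */

/* Hypothetical guard, not a Jansson function. Returns the deepest array/object
 * nesting seen in buf, or -1 if it exceeds max_depth or a closing bracket has
 * no opener. Brackets inside string literals do not count. */
int json_depth_within(const char *buf, size_t len, int max_depth)
{
    int depth = 0, deepest = 0, in_string = 0;

    for (size_t i = 0; i < len; i++) {
        char c = buf[i];
        if (in_string) {
            if (c == '\\')
                i++;                /* skip the escaped character, e.g. \" */
            else if (c == '"')
                in_string = 0;
            continue;
        }
        if (c == '"') {
            in_string = 1;
        } else if (c == '[' || c == '{') {
            if (++depth > max_depth)
                return -1;          /* reject before a recursive parser runs */
            if (depth > deepest)
                deepest = depth;
        } else if (c == ']' || c == '}') {
            if (--depth < 0)
                return -1;
        }
    }
    return deepest;
}

int main(void)
{
    enum { N = 100000 };
    static char deep[2 * N];        /* constructed input: N nested arrays */
    const char *ok = "{\"a\": [1, {\"b\": \"]]]] \\\" [[[\"}]}";  /* constructed */

    memset(deep, '[', N);
    memset(deep + N, ']', N);
    printf("deep: %d\n", json_depth_within(deep, sizeof deep, MAX_DEPTH));
    printf("ok:   %d\n", json_depth_within(ok, strlen(ok), MAX_DEPTH));
    return 0;
}
```

The scan is iterative and uses constant stack space, so it cannot itself be driven into the recursion problem it guards against; it does not validate JSON and leaves that to the parser.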