Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2013-6401
Last Modified: 23 May 2014 12:03:18
Published: 20 Mar 2014 09:04:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2013-6401

Summary

Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.

Vulnerable Systems

Application

  • Jansson Project Jansson 2.0

  • Jansson Project Jansson 2.0.1

  • Jansson Project Jansson 2.1

  • Jansson Project Jansson 2.2

  • Jansson Project Jansson 2.2.1

  • Jansson Project Jansson 2.3

  • Jansson Project Jansson 2.3.1

  • Jansson Project Jansson 2.4


References

CONFIRM - https://github.com/akheron/jansson/commit/8f80c2d83808150724d31793e6ade92749b1faa4

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=1035538

SUSE - openSUSE-SU-2014:0394

MLIST - [oss-security] 20140211 CVE-2013-6401 Jansson hash collision issue


Last Updated: 27 May 2016 11:04:46