CVE-2016-4303 - Vulncode-DB

CVE-2016-4303 (NVD)

2016-09-26

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

Products	Debian_linux, Iperf3, Suse_package_hub_for_suse_linux_enterprise, Leap, Opensuse
Type	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') (CWE-120)
First patch	https://github.com/esnet/iperf/commit/91f2fa59e8ed80dfbf400add0164ee0e508e412a
Relevant file/s	• ./configure.ac (modified, +6) • ./src/cjson.c (modified, +571, -842) • ./src/cjson.h (modified, +79, -54) • ./src/iperf_api.c (modified, +39, -29) • ./src/iperf_util.c (modified, +2, -2)
Links	• http://software.es.net/iperf/news.html#security-issue-iperf-3-1-3-iperf-3-0-12-released • http://blog.talosintel.com/2016/06/esnet-vulnerability.html • http://lists.opensuse.org/opensuse-updates/2016-08/msg00090.html • https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc • https://lists.debian.org/debian-lts-announce/2020/01/msg00023.html More/Less (2) • http://www.talosintelligence.com/reports/TALOS-2016-0164/ • http://lists.opensuse.org/opensuse-updates/2016-08/msg00082.html

iperf - Tree: 91f2fa59e8

(? files)

Filter Settings

All Files

Relevant Files

Vulnerable Files

Patched Files

Files

VS-Dark VS-Bright Monokai Darcula

Navigation

Patch data:

(on by default)

Patched area: