CVE-2021-32292

Name
CVE-2021-32292
Description
An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/json-c/json-c/issues/654
Third Party Advisory https://security.netapp.com/advisory/ntap-20230929-0010/
Third Party Advisory https://www.debian.org/security/2023/dsa-5486

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:json-c_project:json-c:*:*:*:*:*:*:*:* json-c >= None <= 0.15-20200726
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:* active_iq_unified_manager == None == -

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
json-c 3.15-main 0.15-r1 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable