CVE-2020-12762: Integer Overflow
First published: Sat May 09 2020(Updated: )
json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
Credit: cve@mitre.org cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Json-c Json-c | <0.15-20200726 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 | |
| Debian Debian Linux | =8.0 | |
| Debian Debian Linux | =9.0 | |
| Debian Debian Linux | =10.0 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =14.04 | |
| Canonical Ubuntu Linux | =16.04 | |
| Canonical Ubuntu Linux | =18.04 | |
| Canonical Ubuntu Linux | =19.10 | |
| Canonical Ubuntu Linux | =20.04 | |
| Siemens Sinec Ins | ||
| Siemens Sinec Ins | =1.0 | |
| Siemens Sinec Ins | =1.0-sp1 | |
| redhat/json-c-0.14 | <3. | 3. |
| redhat/libfastjson | <0.99.9.1 | 0.99.9.1 |
| IBM QRadar SIEM | <=7.5.0 GA | |
| IBM QRadar SIEM | <=7.4.3 GA - 7.4.3 FP4 | |
| IBM QRadar SIEM | <=7.3.3 GA - 7.3.3 FP10 | |
| ubuntu/json-c | <0.12.1-1.3ubuntu0.3 | 0.12.1-1.3ubuntu0.3 |
| ubuntu/json-c | <0.13.1+dfsg-4ubuntu0.3 | 0.13.1+dfsg-4ubuntu0.3 |
| ubuntu/json-c | <0.13.1+dfsg-7ubuntu0.3 | 0.13.1+dfsg-7ubuntu0.3 |
| ubuntu/json-c | <0.11-3ubuntu1.2+ | 0.11-3ubuntu1.2+ |
| ubuntu/json-c | <0.11-4ubuntu2.6 | 0.11-4ubuntu2.6 |
| debian/json-c | 0.15-2+deb11u1 0.16-2 0.17-1 | |
| debian/libfastjson | <=0.99.9-1 | 1.2304.0-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf
- https://github.com/json-c/json-c/pull/592
- https://github.com/rsyslog/libfastjson/issues/161
- https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html
- https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html
- https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html
- https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/
- https://security.gentoo.org/glsa/202006-13
- https://security.netapp.com/advisory/ntap-20210521-0001/
- https://usn.ubuntu.com/4360-1/
- https://usn.ubuntu.com/4360-4/
- https://www.debian.org/security/2020/dsa-4741
- https://launchpad.net/bugs/cve/CVE-2020-12762
- https://github.com/json-c/json-c/commit/099016b7e8d70a6d5dd814e788bba08d33d48426
- https://github.com/json-c/json-c/commit/77d935b7ae7871a1940cd827e850e6063044ec45
- https://github.com/json-c/json-c/commit/d07b91014986900a3a75f306d302e13e005e9d67
- https://github.com/json-c/json-c/commit/519dfe1591d85432986f9762d41d1a883198c157
- https://github.com/json-c/json-c/commit/a59d5acfab4485d5133114df61785b1fc633e0c6
- https://github.com/json-c/json-c/issues/599
- https://github.com/json-c/json-c/pull/610
- https://github.com/json-c/json-c/pull/608
- https://security-tracker.debian.org/tracker/CVE-2020-12762
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1835255
- https://github.com/json-c/json-c/pull/592/commits/d07b91014986900a3a75f306d302e13e005e9d67
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1836219
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1836220
- https://github.com/json-c/json-c/pull/607
- https://github.com/json-c/json-c/pull/611
- https://github.com/json-c/json-c/pull/612
- https://github.com/json-c/json-c/pull/613
- https://access.redhat.com/security/cve/cve-2020-12762
- https://access.redhat.com/errata/RHSA-2021:4382
- https://access.redhat.com/security/cve/CVE-2020-12762
- https://github.com/rsyslog/libfastjson/pull/166
- https://github.com/rsyslog/libfastjson/commit/f51fcd59a8bbeb60eaf8ae0e398556be2fa3317a
- https://github.com/rsyslog/libfastjson/issues/161#issuecomment-1463424648
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2203170
- https://access.redhat.com/errata/RHSA-2023:6431
- https://access.redhat.com/errata/RHSA-2023:6976
- https://access.redhat.com/errata/RHSA-2024:0411
- https://access.redhat.com/errata/RHSA-2024:0573
- https://access.redhat.com/errata/RHSA-2024:1086
- https://access.redhat.com/errata/RHSA-2024:1154
- https://bugzilla.redhat.com/show_bug.cgi?id=1835253
- https://exchange.xforce.ibmcloud.com/vulnerabilities/182094
- https://www.ibm.com/support/pages/node/6574787 (Advisory)
- https://ubuntu.com/security/notices/USN-4360-1
- https://ubuntu.com/security/notices/USN-4360-4
- https://www.cve.org/CVERecord?id=CVE-2020-12762
- https://nvd.nist.gov/vuln/detail/CVE-2020-12762
- https://github.com/json-c/json-c/pull/592/commits/099016b7e8d70a6d5dd814e788bba08d33d48426
- https://github.com/json-c/json-c/pull/592/commits/77d935b7ae7871a1940cd827e850e6063044ec45
- https://github.com/besser82/json-c/commit/7a4807fe0cdb1d9e20273c79762cbf54833aaae4
- https://ubuntu.com/security/CVE-2020-12762
Frequently Asked Questions
What is the vulnerability ID of this vulnerability?
The vulnerability ID is CVE-2020-12762.
What is the severity of CVE-2020-12762?
The severity of CVE-2020-12762 is high.
Which software products and versions are affected by this vulnerability?
This vulnerability affects IBM QRadar SIEM versions 7.5.0 GA, 7.4.3 GA - 7.4.3 FP4, and 7.3.3 GA - 7.3.3 FP10.
How can I fix CVE-2020-12762?
To fix CVE-2020-12762, you can apply the patches provided by IBM for affected versions of IBM QRadar SIEM.
Where can I find more information about CVE-2020-12762?
You can find more information about CVE-2020-12762 on the following websites: [IBM X-Force Exchange](https://exchange.xforce.ibmcloud.com/vulnerabilities/182094), [IBM Support](https://www.ibm.com/support/pages/node/6574787), [Siemens ProductCERT](https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf).
- collector/nvd-api
- collector/nvd-index
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/first-publish-date
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/softwarecombine
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2020-12762
- collector/ibm-support
- source/IBM
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- collector/usn-cve
- source/Ubuntu
- collector/security-tracker-debian
- source/Debian
- agent/remedy
- agent/references
- agent/tags
- vendor/json-c
- canonical/json-c json-c
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- version/debian debian linux/9.0
- version/debian debian linux/10.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/14.04
- version/canonical ubuntu linux/16.04
- version/canonical ubuntu linux/18.04
- version/canonical ubuntu linux/19.10
- version/canonical ubuntu linux/20.04
- vendor/siemens
- canonical/siemens sinec ins
- version/siemens sinec ins/1.0
- version/siemens sinec ins/1.0-sp1
- package-manager/redhat
- vendor/ibm
- canonical/ibm qradar siem
- version/ibm qradar siem/7.5.0 ga
- version/ibm qradar siem/7.4.3 ga - 7.4.3 fp4
- version/ibm qradar siem/7.3.3 ga - 7.3.3 fp10
- package-manager/ubuntu
- package-manager/debian