What is the severity of CVE-2021-32292?

CVE-2021-32292 is classified as a high severity vulnerability due to the potential for remote code execution resulting from the stack-buffer-overflow.

How do I fix CVE-2021-32292?

To mitigate CVE-2021-32292, users should upgrade to json-c version 0.16 or later.

What software is affected by CVE-2021-32292?

CVE-2021-32292 affects json-c versions 0.12.1+ds-2+deb10u1, 0.15-2+deb11u1, 0.16-2, and 0.17-1, among others.

What type of vulnerability is CVE-2021-32292?

CVE-2021-32292 is identified as a stack-buffer-overflow vulnerability.

Can CVE-2021-32292 be exploited remotely?

Yes, CVE-2021-32292 can potentially be exploited remotely, leading to unauthorized execution of code.

Vulnerability/
CVE-2021-32292

critical

9.8

CWE

787

22/8/2023

2/4/2025

CVE-2021-32292

First published: Tue Aug 22 2023(Updated: )

An issue was discovered in json-c from 20200420 (post 0.14 unreleased code) through 0.15-20200726. A stack-buffer-overflow exists in the auxiliary sample program json_parse which is located in the function parseit.

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
debian/json-c		0.12.1+ds-2+deb10u1 0.15-2+deb11u1 0.16-2 0.17-1
CentOS Json-C	=0.15-20200726
NetApp Active IQ Unified Manager for VMware vSphere
Red Hat Json-c	=0.15-20200726

Remedy

https://github.com/json-c/json-c/pull/655/commits/4e9e44e5258dee7654f74948b0dd5da39c28beec

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2021-32292?
CVE-2021-32292 is classified as a high severity vulnerability due to the potential for remote code execution resulting from the stack-buffer-overflow.
How do I fix CVE-2021-32292?
To mitigate CVE-2021-32292, users should upgrade to json-c version 0.16 or later.
What software is affected by CVE-2021-32292?
CVE-2021-32292 affects json-c versions 0.12.1+ds-2+deb10u1, 0.15-2+deb11u1, 0.16-2, and 0.17-1, among others.
What type of vulnerability is CVE-2021-32292?
CVE-2021-32292 is identified as a stack-buffer-overflow vulnerability.
Can CVE-2021-32292 be exploited remotely?
Yes, CVE-2021-32292 can potentially be exploited remotely, leading to unauthorized execution of code.

collector/usn-cve
collector/launchpad-cve
collector/security-tracker-debian
agent/type
agent/first-publish-date
agent/severity
agent/weakness
agent/author
agent/references
agent/remedy
agent/event
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
package-manager/debian
vendor/json-c project
canonical/centos json-c
version/centos json-c/0.15-20200726
vendor/netapp
canonical/netapp active iq unified manager for vmware vsphere
vendor/json-c
canonical/red hat json-c
version/red hat json-c/0.15-20200726

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.