What is the vulnerability associated with REDHAT-BUG-1032311?

REDHAT-BUG-1032311 identifies a weakness in the hash function of the json-c library, causing quadratic timing behavior when parsing smallish JSON strings.

How can the issue in REDHAT-BUG-1032311 affect applications?

Applications linked to the json-c library can experience excessive CPU usage when processing specially-crafted JSON data due to the vulnerability.

What versions of json-c are affected by REDHAT-BUG-1032311?

The specific versions of json-c affected by REDHAT-BUG-1032311 have not been detailed, but any application utilizing the vulnerable library may be at risk.

How do I mitigate the impact of REDHAT-BUG-1032311?

To mitigate the impact of REDHAT-BUG-1032311, update to a patched version of the json-c library that addresses the weakness.

Is REDHAT-BUG-1032311 classified as critical?

REDHAT-BUG-1032311 may not be classified as critical, but it poses a significant performance risk due to excessive CPU consumption.

Vulnerability/
REDHAT-BUG-1032311

medium

20/11/2013

12/5/2023

REDHAT-BUG-1032311

First published: Wed Nov 20 2013(Updated: )

Florian Weimer reported that the hash function in the json-c library was weak, and that parsing smallish JSON strings showed quadratic timing behaviour. This could cause an application linked to the json-c library, and that processes some specially-crafted JSON data, to use excessive amounts of CPU. Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.

Affected Software	Affected Version	How to fix
libjson-c

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability associated with REDHAT-BUG-1032311?
REDHAT-BUG-1032311 identifies a weakness in the hash function of the json-c library, causing quadratic timing behavior when parsing smallish JSON strings.
How can the issue in REDHAT-BUG-1032311 affect applications?
Applications linked to the json-c library can experience excessive CPU usage when processing specially-crafted JSON data due to the vulnerability.
What versions of json-c are affected by REDHAT-BUG-1032311?
The specific versions of json-c affected by REDHAT-BUG-1032311 have not been detailed, but any application utilizing the vulnerable library may be at risk.
How do I mitigate the impact of REDHAT-BUG-1032311?
To mitigate the impact of REDHAT-BUG-1032311, update to a patched version of the json-c library that addresses the weakness.
Is REDHAT-BUG-1032311 classified as critical?
REDHAT-BUG-1032311 may not be classified as critical, but it poses a significant performance risk due to excessive CPU consumption.

agent/type
agent/first-publish-date
agent/last-modified-date
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2013-6371
agent/severity
agent/references
agent/description
agent/event
agent/trending
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/json-c
canonical/libjson-c

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.