CVE-2016-4425
Publication date 17 May 2016
Last updated 24 July 2024
Ubuntu priority
Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.
From the Ubuntu Security Team
It was discovered that Jansson incorrectly handled certain JSON files. An attacker could possibly use this issue to cause a denial of service.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| jansson | 18.04 LTS bionic |
Not affected
|
| 16.04 LTS xenial |
Fixed 2.7-3ubuntu0.1
|
|
| 14.04 LTS trusty |
Fixed 2.5-2ubuntu0.1
|
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.5 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | None |
| Integrity impact | None |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |