A flaw in json-c was discovered and libfastjson was also affected. Fixed upstream in 0.99.9.1. Version 1.2304.0 has been pushed to Cauldron.
https://github.com/advisories/GHSA-3797-gmjf-45gm
Update pushed to Cauldron.
Version: Cauldron => 8
Advisory
========

libfastjson has been updated to fix CVE-2020-12762.

CVE-2020-12762: json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

References
==========
https://github.com/advisories/GHSA-3797-gmjf-45gm
https://nvd.nist.gov/vuln/detail/CVE-2020-12762

Files
=====

Uploaded to core/updates_testing

libfastjson4-1.2304.0-1.mga8
libfastjson-devel-1.2304.0-1.mga8

from libfastjson-1.2304.0-1.mga8.src.rpm
Assignee: smelror => qa-bugs
Here is how you can test https://github.com/rsyslog/libfastjson/pull/166#issuecomment-1468211763
Part 1, before update:
Mageia8, x86_64

    $ cat test.c
    #include "libfastjson/json_util.h"
    #include <unistd.h>
    int main()
    {
        fjson_object_from_fd(STDIN_FILENO);
        return 0;
    }
    $ gcc test.c -o test -Llib64 -lfastjson -I include/libfastjson
    $ dd if=/dev/zero of=poc.json bs=1 count=1 seek=2147483647
    1+0 records in
    1+0 records out
    1 byte copied, 0.00617968 s, 0.2 kB/s
    $ export LD_LIBRARY_PATH=$(pwd)/lib64
    $ (dd if=poc.json bs=4096; sleep 1; dd if=test.json bs=10) 2>/dev/null | ./test
    Segmentation fault (core dumped)
    lcl@canopus:fastjson $ echo $?
    139

Is test.json a typo? Don't see where that is generated.
The segfault occurs after considerably more than 1 second.

Part 2
Updated to
lib64fastjson4-1.2304.0-1.mga8
lib64fastjson-devel-1.2304.0-1.mga8
Recompiled test.

    $ (dd if=poc.json bs=4096; sleep 1; dd if=test.json bs=10) 2>/dev/null | ./test
    $

Completed after a second or two, no segfault.

urpmq --whatrequires returns rsyslog as the only application using fastjson.
Installed rsyslog and started it as a service under strace.

    $ sudo grep fastjson rsyslog.trace
    $

Guess it comes into play when logging occurs. Don't know how to use rsyslog so the PoC test shall have to be enough to validate this update.
Whiteboard: (none) => MGA8-64-OK
CC: (none) => tarazed25
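The bug class named in the advisory (a signed int overflow in a buffer-append size check, reached by input around 2 GiB as in the test above) can be sketched as follows. This is an added example, not part of this bug report and not libfastjson or json-c code; `struct buf`, `wrapped_need`, `naive_skips_growth` and `buf_append` are hypothetical names, and the near-INT_MAX state is constructed bookkeeping rather than a real allocation.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer with int bookkeeping (not libfastjson code). */
struct buf { char *data; int len; int cap; };

/* len + add + 1 as wrapping 32-bit int math yields it, computed via unsigned
 * arithmetic so this helper itself has no undefined behaviour. */
int wrapped_need(int len, int add)
{
    unsigned int u = (unsigned int)len + (unsigned int)add + 1u;
    if (u <= (unsigned int)INT_MAX) return (int)u;
    return (int)(u - (unsigned int)INT_MAX - 1u) + INT_MIN;
}

/* Unchecked pattern "grow only if cap <= len + add + 1": returns 1 when the
 * wrapped sum makes that test skip growth, so a copy would run past cap. */
int naive_skips_growth(const struct buf *b, int add)
{
    return !(b->cap <= wrapped_need(b->len, add));
}

/* Hardened append: reject the request before any sum can overflow. */
int buf_append(struct buf *b, const char *src, int add)
{
    if (add < 0 || add > INT_MAX - b->len - 1)
        return -1;
    int need = b->len + add + 1;          /* safe: bounded by INT_MAX */
    if (need > b->cap) {
        int ncap = (b->cap > INT_MAX / 2) ? INT_MAX : b->cap * 2;
        if (ncap < need) ncap = need;
        char *p = realloc(b->data, (size_t)ncap);
        if (p == NULL) return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, (size_t)add);
    b->len += add;
    b->data[b->len] = '\0';
    return add;
}

int main(void)
{
    struct buf big = { NULL, INT_MAX - 10, INT_MAX - 5 }; /* constructed state */
    printf("naive skips growth: %d\n", naive_skips_growth(&big, 100));
    printf("hardened append:    %d\n", buf_append(&big, "x", 100));
    return 0;
}
```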
Validating. Advisory in comment 3.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Keywords: (none) => advisory
CC: (none) => davidwhodgins
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2023-0159.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED