Buffer Overflow Vulnerability in Arduino JSON Library by Bblanchon
CVE-2015-4590

Currently unrated

Key Information:

Vendor
CVE Published: 22 June 2015

What is CVE-2015-4590?

The extractFrom function in Internals/QuotedString.cpp of the Arduino JSON library contains an exploitable buffer overflow. The flaw is triggered when the library processes a JSON string in which a backslash is followed by a terminator (such as '\0'). Remote attackers can supply a crafted JSON string to crash the library, resulting in a denial of service.
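The following added example (not ArduinoJson's source, and not code from this advisory) shows a simplified in-place unescape loop of the kind in which this class of bug occurs, with the check that rejects a backslash followed by the terminator. The names `unescape_char`, `extract_quoted` and `parse_copy`, the escape set, and the sample inputs are constructed for illustration.

```cpp
// Added illustration: simplified and hypothetical, not the library's code.
#include <cstdio>
#include <cstring>
#include <string>
// Hypothetical escape table for the demo: maps the character after '\'.
static char unescape_char(char c) {
  switch (c) {
    case 'n': return '\n';
    case 't': return '\t';
    default:  return c;  // covers \" \\ \/
  }
}

// In-place extraction of a quoted string. Returns the start of the decoded
// text, or nullptr if the input ends before the closing quote.
char *extract_quoted(char *input, char **end) {
  if (*input != '"') return nullptr;
  char *read = input + 1;
  char *write = input + 1;
  for (;;) {
    char c = *read++;
    if (c == '\0') return nullptr;  // unterminated string
    if (c == '"') break;            // closing quote
    if (c == '\\') {
      c = *read++;
      // Without this check the terminator is consumed as an escaped
      // character and the loop runs on past the end of the buffer.
      if (c == '\0') return nullptr;
      c = unescape_char(c);
    }
    *write++ = c;
  }
  *write = '\0';
  *end = read;
  return input + 1;
}

// Demo helper: copies a constructed input into a writable buffer first.
std::string parse_copy(const char *json) {
  char buf[64] = {0};
  std::strncpy(buf, json, sizeof buf - 1);
  char *end = nullptr, *s = extract_quoted(buf, &end);
  return s ? std::string(s) : std::string("<rejected>");
}

int main() {
  std::printf("%s\n", parse_copy("\"a\\\"b\" tail").c_str());  // a"b
  std::printf("%s\n", parse_copy("\"abc\\").c_str());          // <rejected>
}
```

The second input in `main` ends with a backslash directly before the terminator, which is the input shape the advisory describes; the hardened loop rejects it instead of continuing to read.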

Timeline

  • Vulnerability published

  • Vulnerability Reserved
