CVE-2016-4425

6.5 MEDIUM

Published: May 17, 2016 Modified: December 04, 2025

Description

Jansson 2.7 and earlier allows context-dependent attackers to cause a denial of service (deep recursion, stack consumption, and crash) via crafted JSON data.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://www.debian.org/security/2015/dsa-3577

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/01/5

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/02/1

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2016/05/03/3

Source: cve@mitre.org

https://github.com/akheron/jansson/issues/282

Source: cve@mitre.org

Patch

https://github.com/akheron/jansson/pull/284

Source: cve@mitre.org

Patch

https://github.com/akheron/jansson/pull/284/commits/64ce0ad3731ebd77e02897b07920eadd0e2cc318

Source: cve@mitre.org

http://www.debian.org/security/2015/dsa-3577