Mageia 8 MGASA-2022-0270 Critical: Python-ujson Buffer Overflow

mageia
July 29, 2022
The latest release of python-ujson in Mageia resolves various vulnerabilities, specifically targeting concerns such as memory leaks and buffer overflows that could compromise security.

Summary

- Add support for arbitrary size integers.

- Replace 'wchar_t' string decoding implementation with a 'uint32_t'-based one; fix handling of surrogates on decoding (CVE-2022-31116)

- Potential double free of buffer during string decoding

- Fix memory leak on encoding errors when the buffer was resized

- Integer parsing: always detect overflows

- Fix handling of surrogates on encoding (CVE-2022-31117)

References

- https://bugs.mageia.org/show_bug.cgi?id=30663

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/OPPU5FZP3LCTXYORFH7NHUMYA5X66IA7/

- https://www.cve.org/CVERecord?id=CVE-2022-31116

- https://www.cve.org/CVERecord?id=CVE-2022-31117

Resolution

SRPMS

- 8/core/python-ujson-5.4.0-1.mga8

Severity
critical

Publication date: 29 Jul 2022
URL: https://advisories.mageia.org/MGASA-2022-0270.html
Type: security
CVE: CVE-2022-31116, CVE-2022-31117
