Ubuntu 20.04 LTS USN-6629-2 Moderate: Ujson Denial Of Service

February 14, 2024
Ubuntu Security Alert USN-6629-2 addresses vulnerabilities in ujson that could cause software using it to crash.

Summary

UltraJSON could be made to crash if it received specially crafted input.

Software Description:

- ujson: ultra fast JSON encoder and decoder for Python 3

Details:

USN-6629-1 fixed vulnerabilities in UltraJSON.

This update provides the corresponding updates for Ubuntu 20.04 LTS.

Original advisory details:

It was discovered that UltraJSON incorrectly handled certain input with a large amount of indentation. An attacker could possibly use this issue to crash the program, resulting in a denial of service. (CVE-2021-45958)

Jake Miller discovered that UltraJSON incorrectly decoded certain characters. An attacker could possibly use this issue to cause key confusion and overwrite values in dictionaries. (CVE-2022-31116)

It was discovered that UltraJSON incorrectly handled an error when reallocating a buffer for string decoding. An attacker could possibly use this issue to corrupt memory. (CVE-2022-31117)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   python3-ujson                   1.35-4ubuntu0.1

In general, a standard system update will make all the necessary changes.
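
To confirm that a host actually carries the fixed package, the following added example (not part of the original notice) compares the installed python3-ujson version against 1.35-4ubuntu0.1 using Debian's version ordering, reimplemented here so the check can be tested without dpkg. The function names are this example's own; only the package name and fixed version come from the notice.

```python
import re
import subprocess

PACKAGE = "python3-ujson"
FIXED = "1.35-4ubuntu0.1"  # fixed version for Ubuntu 20.04 LTS, from this notice

def _order(ch):
    # dpkg ordering: '~' sorts lowest, then end of string, letters, other characters
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    """Compare upstream-version or revision strings the way dpkg does."""
    while a or b:
        na, a = re.match(r"([^0-9]*)(.*)", a).groups()
        nb, b = re.match(r"([^0-9]*)(.*)", b).groups()
        for k in range(max(len(na), len(nb))):
            oa, ob = _order(na[k:k + 1]), _order(nb[k:k + 1])
            if oa != ob:
                return -1 if oa < ob else 1
        da, a = re.match(r"([0-9]*)(.*)", a).groups()
        db, b = re.match(r"([0-9]*)(.*)", b).groups()
        if int(da or 0) != int(db or 0):
            return -1 if int(da or 0) < int(db or 0) else 1
    return 0

def _split(version):
    """Split [epoch:]upstream[-revision] into its three fields."""
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, _, revision = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 as Debian version a is older than, equal to or newer than b."""
    (ea, ua, ra), (eb, ub, rb) = _split(a), _split(b)
    if ea != eb:
        return -1 if ea < eb else 1
    return _cmp_part(ua, ub) or _cmp_part(ra, rb)

def is_fixed(installed):
    return compare_versions(installed, FIXED) >= 0

if __name__ == "__main__":
    try:
        out = subprocess.run(["dpkg-query", "-W", "-f=${Version}", PACKAGE],
                             capture_output=True, text=True, check=True).stdout.strip()
    except (OSError, subprocess.CalledProcessError):
        raise SystemExit(f"{PACKAGE} is not installed or dpkg-query is unavailable")
    print(f"{PACKAGE} {out}:", "fixed" if is_fixed(out) else f"needs update to {FIXED}")
```

Run it on the Ubuntu 20.04 LTS host itself; a version string ending in a `~` suffix sorts before the same string without it, which is why a plain string comparison is not a safe substitute.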

References

https://ubuntu.com/security/notices/USN-6629-2

https://ubuntu.com/security/notices/USN-6629-1

CVE-2021-45958

Ubuntu Security Notice USN-6629-2
