A vulnerability has been reported in python-cjson, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise an application using the module.
The vulnerability is caused due to a boundary error when encoding certain wide unicode character sequences. This can be exploited to cause a buffer overflow by e.g. tricking an application into encoding specially crafted wide unicode strings.
The vulnerability is reported in version 1.0.5 on UCS4 builds. Other versions may also be affected.
Solution: Use another module.
Provided and/or discovered by: Matt Giuca
Original Advisory: https://bugs.launchpad.net/ubuntu/+source/python-cjson/+bug/585274
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: python-cjson Unicode Character Encoding Buffer Overflow Vulnerability