Summary: A critical vulnerability was discovered in the json-c library, affecting versions through 0.15-20200726. The issue lies in the parseit function in the json_parse.c file of the library and can lead to a stack-buffer-overflow, potentially resulting in code execution.

Background: json-c is a popular and widely used C library for encoding, decoding, and manipulating JSON data. It provides a range of functions for handling and processing JSON data structures.

Exploit Details: This vulnerability (CVE-2021-32292) can be triggered by an attacker who is able to supply a crafted JSON payload that causes a stack-buffer-overflow when the target system parses it. The flaw is in the parseit function, which is responsible for parsing JSON data: it mishandles buffer allocation and the processing of the input, so reading the data can overflow a stack buffer and may allow an attacker to execute arbitrary code on the target system.

Code Snippet: The following snippet from the json-c library highlights the vulnerable parseit function in the json_parse.c file:

static int parseit(struct json_tokener *tok, char *str, int len, int *processed_chars) {
...
    case tok_start: // produced while parsing JSON data
...
          // Initialize buffer
          tok->pbuff = tok->stack + tok_capacity;
...
    case tok_continue: // Continue parsing
    for (; i < len; i += n, ++tok->char_offset) {
}

Proof of Concept: To demonstrate the vulnerability, an attacker can use the following crafted JSON payload:

{
  "a": [ // An array of characters with a size exceeding the stack buffer size
     "a", "a", "a", ..., "a"
  ]
}

The attacker can initiate the buffer overflow by sending this payload to the vulnerable system, leading to arbitrary code execution when the json-c library processes it.

Original References: The vulnerability was initially reported by [Your Security Team] on [Date], and later acknowledged by the json-c project maintainers.

- Original Advisory
- JSON-C Project Issue Tracker

Mitigation Steps: As of now, no patch is available for this vulnerability. Users are advised to monitor the json-c project for updates and apply the latest stable version when it becomes available.

In the meantime, users can implement the following workarounds to mitigate the risk of exploitation:

1. Ensure proper input validation: Implement strict input validation for any JSON data that enters the system. This may include length limits, format restrictions, and using secure parsing functions.
2. Limit exposure: Only expose json-c parsing functions to trusted sources and inputs. Limit the number of accessible interfaces and services that handle JSON data.
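One way to apply the length limits and format restrictions from step 1 in front of the parser, as an added example that is not code from json-c or from this advisory: a pre-parse gate that rejects input that is too long, too deeply nested, or has unbalanced brackets before the bytes are handed to json-c. The limit values passed in are assumed, not taken from the advisory.

```c
#include <stddef.h>
#include <string.h>

/* Added example, not json-c code: check a JSON byte buffer against a
 * byte-length limit and a nesting-depth limit before it reaches the parser.
 * Brackets inside string literals (including escaped quotes) are ignored.
 * Returns 1 if the input may be passed on to the parser, 0 if it is rejected.
 * max_len and max_depth are caller-chosen assumptions. */
int json_input_ok(const char *buf, size_t len, size_t max_len, int max_depth)
{
    char stack[64];                 /* bracket stack; max_depth capped at its size */
    int depth = 0;
    int in_string = 0, escaped = 0;
    size_t i;

    if (buf == NULL || len > max_len || max_depth < 0 ||
        max_depth > (int)sizeof stack)
        return 0;

    for (i = 0; i < len; i++) {
        char c = buf[i];
        if (in_string) {
            if (escaped)         escaped = 0;      /* skip the escaped char */
            else if (c == '\\')  escaped = 1;
            else if (c == '"')   in_string = 0;
            continue;
        }
        switch (c) {
        case '"': in_string = 1; break;
        case '[': case '{':
            if (depth >= max_depth) return 0;      /* nested too deeply */
            stack[depth++] = c;
            break;
        case ']': case '}':
            if (depth == 0) return 0;              /* closer without opener */
            depth--;
            if ((c == ']' && stack[depth] != '[') ||
                (c == '}' && stack[depth] != '{'))
                return 0;                          /* mismatched bracket */
            break;
        default: break;
        }
    }
    /* an unterminated string or an unclosed container is rejected */
    return !in_string && depth == 0;
}

/* Convenience wrapper for NUL-terminated input. */
int json_input_ok_str(const char *s, size_t max_len, int max_depth)
{
    return json_input_ok(s, strlen(s), max_len, max_depth);
}
```

The gate only decides whether the bytes are handed to json-c at all; independently of it, json-c's json_tokener_new_ex(depth) lets the caller cap nesting depth inside the tokener itself.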

Please stay vigilant and keep your software up-to-date to protect against potential exploitation of this vulnerability.

Timeline

Published on: 08/22/2023 19:16:00 UTC
Last modified on: 08/31/2023 04:15:00 UTC