Launchpad.net

CVE 2010-1666

Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

Related bugs and status

CVE-2010-1666 (Candidate) is related to these bugs:

Bug #585274: Buffer overrun in encode_string

		In	Importance	Status
585274	Buffer overrun in encode_string	python-cjson (Ubuntu)	Undecided	Fix Released
585274	Buffer overrun in encode_string	python-cjson (Ubuntu Hardy)	Undecided	Fix Released
585274	Buffer overrun in encode_string	python-cjson (Ubuntu Jaunty)	Undecided	Fix Released
585274	Buffer overrun in encode_string	python-cjson (Ubuntu Maverick)	Undecided	Fix Released
585274	Buffer overrun in encode_string	python-cjson (Ubuntu Lucid)	Undecided	Fix Released
585274	Buffer overrun in encode_string	python-cjson (Ubuntu Karmic)	Undecided	Fix Released

Bug #603868: Please sync python-cjson 1.0.5-3 (universe) from Debian unstable (main).

Summary				In	Importance	Status
	603868	Please sync python-cjson 1.0.5-3 (universe) from Debian unstable (main).		python-cjson (Ubuntu)	Wishlist	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: https://bugs.launchpad...
SECUNIA: 40335
DEBIAN: DSA-2068
SECUNIA: 40500
VUPEN: ADV-2010-1774