mirror of
https://git.yoctoproject.org/poky
synced 2026-02-13 12:13:02 +01:00
d01be5cf84
This is a read past end of buffer issue in the json_parse test app, which can happened with malformed json data. It's not an issue with the library itself. For what ever reason this CVE has a base score of 9.8. Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-32292 Upstream issue: https://github.com/json-c/json-c/issues/654 The CVE is fixed with version 0.16 (which is already in all active branches of poky). (From OE-Core rev: a7b93651028b55d71b8db53ea831eee7fd539f33) Signed-off-by: Adrian Freihofer <adrian.freihofer@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>