{"id":"USN-4360-2","summary":"json-c regression","details":"USN-4360-1 fixed a vulnerability in json-c. The security fix introduced\na memory leak in some scenarios. This update reverts the security fix\npending further investigation.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that json-c incorrectly handled certain JSON files.\n An attacker could possibly use this issue to execute arbitrary code.\n","modified":"2026-04-22T10:05:02.608974Z","published":"2020-05-15T18:42:45Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4360-2"},{"type":"REPORT","url":"https://launchpad.net/bugs/1878723"}],"affected":[{"package":{"name":"json-c","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/json-c@0.11-4ubuntu2.5?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.11-4ubuntu2.5"}]}],"versions":["0.11-4ubuntu2","0.11-4ubuntu2.1","0.11-4ubuntu2.2"],"ecosystem_specific":{"binaries":[{"binary_version":"0.11-4ubuntu2.5","binary_name":"libjson-c2"},{"binary_version":"0.11-4ubuntu2.5","binary_name":"libjson0"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:16.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4360-2.json"}},{"package":{"name":"json-c","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/json-c@0.12.1-1.3ubuntu0.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.12.1-1.3ubuntu0.2"}]}],"versions":["0.12.1-1.2","0.12.1-1.3","0.12.1-1.3ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.12.1-1.3ubuntu0.2","binary_name":"libjson-c3"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:18.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4360-2.json"}},{"package":{"name":"json-c","ecosystem":"Ubuntu:20.04:LTS","purl":"pkg:deb/ubuntu/json-c@0.13.1+dfsg-7ubuntu0.2?arch=source&distro=focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.13.1+dfsg-7ubuntu0.2"}]}],"versions":["0.13.1+dfsg-4","0.13.1+dfsg-6","0.13.1+dfsg-7","0.13.1+dfsg-7ubuntu0.1"],"ecosystem_specific":{"binaries":[{"binary_version":"0.13.1+dfsg-7ubuntu0.2","binary_name":"libjson-c4"}],"availability":"No subscription required"},"database_specific":{"cves_map":{"cves":[],"ecosystem":"Ubuntu:20.04:LTS"},"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-4360-2.json"}}],"schema_version":"1.7.5"}