The remote host is affected by the vulnerability described in GLSA-202006-13 (json-c: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in json-c. Please review       the CVE identifiers referenced below for details.
  Impact :

    A remote/local attacker could send a specially crafted file possibly       resulting in a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

According to the version of the json-c package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - json-c through 0.14 has an integer overflow and     out-of-bounds write via a large JSON file, as     demonstrated by printbuf_memappend.(CVE-2020-12762)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the json-c package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - json-c through 0.14 has an integer overflow and     out-of-bounds write via a large JSON file, as     demonstrated by printbuf_memappend.(CVE-2020-12762)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of json-c installed on the remote host is prior to 0.11-4. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2020-1442 advisory.

    json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated     by printbuf_memappend. (CVE-2020-12762)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Tobias Stoeckmann found an integer overflow issue in JSON-C, a C library to manipulate JSON objects, when reading maliciously crafted large files. The issue could be exploited to cause denial of service or possibly execute arbitrary code.

For Debian 9 stretch, this problem has been fixed in version 0.12.1-1.1+deb9u1.

We recommend that you upgrade your json-c packages.

For the detailed security status of json-c please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/json-c

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the json-c package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  - A flaw was found in json-c. In printbuf_memappend,     certain crafted values can overflow the memory allowing     an attacker to write past the memory boundary. The     highest threat from this vulnerability is to data     confidentiality and integrity as well as system     availability.(CVE-2020-12762)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

According to the version of the json-c package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  - json-c through 0.14 has an integer overflow and     out-of-bounds write via a large JSON file, as     demonstrated by printbuf_memappend.(CVE-2020-12762)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The version of IBM MQ Server running on the remote host is affected by a remote arbitrary code execution vulnerability.
IBM MQ 9.1 LTS, 9.2 LTS, and 9.2 CD could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write in json-c via a large JSON file. An attacker could exploit this vulnerability to execute arbitrary code on the system.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated     by printbuf_memappend. (CVE-2020-12762)

Note that Nessus relies on the presence of the package as reported by the vendor.

json-c through 0.14 has an integer overflow and out-of-bounds write via a large JSON file, as demonstrated by printbuf_memappend.

This plugin only works with Tenable.ot.
Please visit https://www.tenable.com/products/tenable-ot for more information.

ID	Name	Product	Family	Published	Updated	Severity
137450	GLSA-202006-13 : json-c: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	6/17/2020	3/7/2024	high
137522	EulerOS 2.0 SP2 : json-c (EulerOS-SA-2020-1680)	Nessus	Huawei Local Security Checks	6/17/2020	3/6/2024	high
137812	EulerOS Virtualization for ARM 64 3.0.6.0 : json-c (EulerOS-SA-2020-1705)	Nessus	Huawei Local Security Checks	6/25/2020	3/5/2024	high
138044	Amazon Linux 2 : json-c (ALAS-2020-1442)	Nessus	Amazon Linux Local Security Checks	7/2/2020	12/11/2024	high
139209	Debian DLA-2301-1 : json-c security update	Nessus	Debian Local Security Checks	7/31/2020	2/27/2024	high
140355	EulerOS Virtualization for ARM 64 3.0.2.0 : json-c (EulerOS-SA-2020-1985)	Nessus	Huawei Local Security Checks	9/8/2020	2/21/2024	high
141647	EulerOS Virtualization 3.0.2.2 : json-c (EulerOS-SA-2020-2189)	Nessus	Huawei Local Security Checks	10/21/2020	2/14/2024	high
149782	IBM MQ 9.1 LTS / 9.2 < 9.2.0.1 LTS / 9.2 < 9.2.1 CD RCE (6382922)	Nessus	Misc.	5/19/2021	12/29/2023	high
223335	Linux Distros Unpatched Vulnerability : CVE-2020-12762	Nessus	Misc.	3/4/2025	9/10/2025	high
503850	Siemens SIMATIC Devices Integer Overflow or Wraparound (CVE-2020-12762)	Tenable OT Security	Tenable.ot	10/29/2025	10/29/2025	high

Detections

Analytics

Plugins Search

high

high

high

high

high

high

high

high

high

high