CVE-2020-12762 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.8 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 51%

Affected Products (NVD)

Vendor	Product	Version
json-c	json-c	𝑥 < 0.15-20200726
debian	debian_linux	8.0
debian	debian_linux	9.0
debian	debian_linux	10.0
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	18.04
canonical	ubuntu_linux	19.10
canonical	ubuntu_linux	20.04
siemens	sinec_ins	-
siemens	sinec_ins	1.0
siemens	sinec_ins	1.0:sp1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

json-c

bookworm	0.16-2 fixed
bullseye	0.15-2+deb11u1 no-dsa
bullseye (security)	0.15-2+deb11u1 fixed
sid	0.18+ds-1 fixed
trixie	0.18+ds-1 fixed

libfastjson

bookworm	1.2304.0-1 fixed
bullseye	no-dsa
sid	1.2304.0-2 fixed
trixie	1.2304.0-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

json-c

bionic	Fixed 0.12.1-1.3ubuntu0.3 released
eoan	Fixed 0.13.1+dfsg-4ubuntu0.3 released
focal	Fixed 0.13.1+dfsg-7ubuntu0.3 released
trusty	Fixed 0.11-3ubuntu1.2+esm3 released
xenial	Fixed 0.11-4ubuntu2.6 released

openSUSE / SLES Releases

openSUSE Product

Release

libfastjson-devel

suse enterprise desktop 15 SP4	0.99.9-150400.3.3.1 fixed
suse enterprise desktop 15 SP5	0.99.9-150400.3.3.1 fixed
suse enterprise desktop 15 SP6	0.99.9-150400.3.3.1 fixed
suse enterprise desktop 15 SP7	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP4	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP5	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP6	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP7	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP2	0.99.8-150000.3.3.1 fixed
suse enterprise server 15 SP3	0.99.8-150000.3.3.1 fixed
suse enterprise server 15 SP4	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP5	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP6	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP7	0.99.9-150400.3.3.1 fixed

libfastjson4

suse enterprise desktop 15 SP4	0.99.9-150400.3.3.1 fixed
suse enterprise desktop 15 SP5	0.99.9-150400.3.3.1 fixed
suse enterprise desktop 15 SP6	0.99.9-150400.3.3.1 fixed
suse enterprise desktop 15 SP7	0.99.9-150400.3.3.1 fixed
suse enterprise sap 12 SP5	0.99.8-3.6.1 fixed
suse enterprise sap 15 SP4	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP5	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP6	0.99.9-150400.3.3.1 fixed
suse enterprise sap 15 SP7	0.99.9-150400.3.3.1 fixed
suse enterprise server 12 SP3	0.99.8-3.6.1 fixed
suse enterprise server 12 SP5	0.99.8-3.6.1 fixed
suse enterprise server 15 SP2	0.99.8-150000.3.3.1 fixed
suse enterprise server 15 SP3	0.99.8-150000.3.3.1 fixed
suse enterprise server 15 SP4	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP5	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP6	0.99.9-150400.3.3.1 fixed
suse enterprise server 15 SP7	0.99.9-150400.3.3.1 fixed

libjson-c-devel

suse enterprise desktop 15 SP3	0.13-3.3.1 fixed
suse enterprise desktop 15 SP4	0.13-3.3.1 fixed
suse enterprise desktop 15 SP5	0.13-3.3.1 fixed
suse enterprise desktop 15 SP6	0.16-150600.1.4 fixed
suse enterprise desktop 15 SP7	0.16-150600.1.4 fixed
suse enterprise sap 12 SP5	0.12.1-4.3.1 fixed
suse enterprise sap 15	0.13-3.3.1 fixed
suse enterprise sap 15 SP1	0.13-3.3.1 fixed
suse enterprise sap 15 SP3	0.13-3.3.1 fixed
suse enterprise sap 15 SP4	0.13-3.3.1 fixed
suse enterprise sap 15 SP5	0.13-3.3.1 fixed
suse enterprise sap 15 SP6	0.16-150600.1.4 fixed
suse enterprise sap 15 SP7	0.16-150600.1.4 fixed
suse enterprise server 12 SP2	0.12.1-4.3.1 fixed
suse enterprise server 12 SP3	0.12.1-4.3.1 fixed
suse enterprise server 12 SP4	0.12.1-4.3.1 fixed
suse enterprise server 12 SP5	0.12.1-4.3.1 fixed
suse enterprise server 15	0.13-3.3.1 fixed
suse enterprise server 15 SP1	0.13-3.3.1 fixed
suse enterprise server 15 SP2	0.13-3.3.1 fixed
suse enterprise server 15 SP3	0.13-3.3.1 fixed
suse enterprise server 15 SP4	0.13-3.3.1 fixed
suse enterprise server 15 SP5	0.13-3.3.1 fixed
suse enterprise server 15 SP6	0.16-150600.1.4 fixed
suse enterprise server 15 SP7	0.16-150600.1.4 fixed

libjson-c2

suse enterprise sap 12 SP5	0.12.1-4.3.1 fixed
suse enterprise server 12 SP2	0.12.1-4.3.1 fixed
suse enterprise server 12 SP3	0.12.1-4.3.1 fixed
suse enterprise server 12 SP4	0.12.1-4.3.1 fixed
suse enterprise server 12 SP5	0.12.1-4.3.1 fixed

libjson-c2-32bit

suse enterprise sap 12 SP5	0.12.1-4.3.1 fixed
suse enterprise server 12 SP2	0.12.1-4.3.1 fixed
suse enterprise server 12 SP3	0.12.1-4.3.1 fixed
suse enterprise server 12 SP4	0.12.1-4.3.1 fixed
suse enterprise server 12 SP5	0.12.1-4.3.1 fixed

libjson-c3

suse enterprise desktop 15 SP3	0.13-3.3.1 fixed
suse enterprise desktop 15 SP4	0.13-3.3.1 fixed
suse enterprise desktop 15 SP5	0.13-3.3.1 fixed
suse enterprise desktop 15 SP6	0.13-3.3.1 fixed
suse enterprise desktop 15 SP7	0.13-3.3.1 fixed
suse enterprise sap 15	0.13-3.3.1 fixed
suse enterprise sap 15 SP1	0.13-3.3.1 fixed
suse enterprise sap 15 SP3	0.13-3.3.1 fixed
suse enterprise sap 15 SP4	0.13-3.3.1 fixed
suse enterprise sap 15 SP5	0.13-3.3.1 fixed
suse enterprise sap 15 SP6	0.13-3.3.1 fixed
suse enterprise sap 15 SP7	0.13-3.3.1 fixed
suse enterprise server 15	0.13-3.3.1 fixed
suse enterprise server 15 SP1	0.13-3.3.1 fixed
suse enterprise server 15 SP2	0.13-3.3.1 fixed
suse enterprise server 15 SP3	0.13-3.3.1 fixed
suse enterprise server 15 SP4	0.13-3.3.1 fixed
suse enterprise server 15 SP5	0.13-3.3.1 fixed
suse enterprise server 15 SP6	0.13-3.3.1 fixed
suse enterprise server 15 SP7	0.13-3.3.1 fixed

libjson-c3-32bit

suse enterprise desktop 15 SP3	0.13-3.3.1 fixed
suse enterprise desktop 15 SP4	0.13-3.3.1 fixed
suse enterprise desktop 15 SP5	0.13-3.3.1 fixed
suse enterprise sap 15	0.13-3.3.1 fixed
suse enterprise sap 15 SP1	0.13-3.3.1 fixed
suse enterprise sap 15 SP3	0.13-3.3.1 fixed
suse enterprise sap 15 SP4	0.13-3.3.1 fixed
suse enterprise sap 15 SP5	0.13-3.3.1 fixed
suse enterprise server 15	0.13-3.3.1 fixed
suse enterprise server 15 SP1	0.13-3.3.1 fixed
suse enterprise server 15 SP2	0.13-3.3.1 fixed
suse enterprise server 15 SP3	0.13-3.3.1 fixed
suse enterprise server 15 SP4	0.13-3.3.1 fixed
suse enterprise server 15 SP5	0.13-3.3.1 fixed

libjson-c5

suse enterprise desktop 15 SP6	0.16-150600.1.4 fixed
suse enterprise desktop 15 SP7	0.16-150600.1.4 fixed
suse enterprise sap 15 SP6	0.16-150600.1.4 fixed
suse enterprise sap 15 SP7	0.16-150600.1.4 fixed
suse enterprise server 15 SP6	0.16-150600.1.4 fixed
suse enterprise server 15 SP7	0.16-150600.1.4 fixed

libjson-c5-32bit

suse enterprise desktop 15 SP6	0.16-150600.1.4 fixed
suse enterprise desktop 15 SP7	0.16-150600.1.4 fixed
suse enterprise sap 15 SP6	0.16-150600.1.4 fixed
suse enterprise sap 15 SP7	0.16-150600.1.4 fixed
suse enterprise server 15 SP6	0.16-150600.1.4 fixed
suse enterprise server 15 SP7	0.16-150600.1.4 fixed

Red Hat Enterprise Linux Releases

Red Hat Product

Release

json-c

RHEL 8

0:0.13.1-2.el8

fixed

json-c-devel

RHEL 8

0:0.13.1-2.el8

fixed

json-c-doc

RHEL 8

0:0.13.1-2.el8

fixed

libfastjson

RHEL 9

0:0.99.9-5.el9

fixed

libfastjson-devel

RHEL 9

0:0.99.9-5.el9

fixed

Known Exploits!

Common Weakness Enumeration

References

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

https://github.com/json-c/json-c/pull/592

https://github.com/rsyslog/libfastjson/issues/161

https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html

https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/

https://security.gentoo.org/glsa/202006-13

https://security.netapp.com/advisory/ntap-20210521-0001/

https://usn.ubuntu.com/4360-1/

https://usn.ubuntu.com/4360-4/

https://www.debian.org/security/2020/dsa-4741

https://cert-portal.siemens.com/productcert/pdf/ssa-637483.pdf

https://github.com/json-c/json-c/pull/592

https://github.com/rsyslog/libfastjson/issues/161

https://lists.debian.org/debian-lts-announce/2020/05/msg00032.html

https://lists.debian.org/debian-lts-announce/2020/05/msg00034.html

https://lists.debian.org/debian-lts-announce/2020/07/msg00031.html

https://lists.debian.org/debian-lts-announce/2023/06/msg00023.html

https://lists.debian.org/debian-lts-announce/2025/07/msg00021.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CBR36IXYBHITAZFB5PFBJTED22WO5ONB/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CQQRRGBQCAWNCCJ2HN3W5SSCZ4QGMXQI/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W226TSCJBEOXDUFVKNWNH7ETG7AR6MCS/

https://security.gentoo.org/glsa/202006-13

https://security.netapp.com/advisory/ntap-20210521-0001/

https://usn.ubuntu.com/4360-1/

https://usn.ubuntu.com/4360-4/

https://www.debian.org/security/2020/dsa-4741