Skip to main content
Version: latest

CVE-2020-36325

CVE Details

Visit the official vulnerability details page for CVE-2020-36325 to learn more.

Initial Publication

10/25/2024

Last Update

12/16/2024

Third Party Dependency

libjansson4

NIST CVE Summary

An issue was discovered in Jansson through 2.13.1. Due to a parsing error in json_loads, there's an out-of-bounds read-access bug. NOTE: the vendor reports that this only occurs when a programmer fails to follow the API specification

CVE Severity

7.5

Our Official Summary

According to many vendors, this vulnerability was incorrectly assigned for this issue, which was a problem in the fuzzer code and not in the jansson library itself. This vulnerability is reported on older versions of some of the older kubernetes components.

Since this can only be exploited by code running on these container, risk for our products is very low. We will wait for upstream fixes to come in and upgrade to them.

Status

Ongoing

Affected Products & Versions

VersionPalette EnterprisePalette Enterprise AirgapVerteXVerteX Airgap
4.5.15⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.11⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.10⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.8⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.5⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.5.4⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted
4.4.20⚠️ Impacted⚠️ Impacted⚠️ Impacted⚠️ Impacted

Revision History

DateRevision
12/16/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11, 4.5.15
11/21/2024Official summary revised: According to many vendors, this vulnerability was incorrectly assigned for this issue, which was a problem in the fuzzer code and not in the jansson library itself. This vulnerability is reported on older versions of some of the older kubernetes components. Since this can only be exploited by code running on these container, risk for our products is very low. We will wait for upstream fixes to come in and upgrade to them.
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10, 4.5.11
11/15/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8, 4.4.20 to 4.5.4, 4.5.5, 4.5.8, 4.4.20, 4.5.10
11/13/2024Impacted versions changed from 4.5.4, 4.5.5, 4.5.8 to 4.5.4, 4.5.5, 4.5.8, 4.4.20
11/10/2024Impacted versions changed from 4.5.4, 4.5.5 to 4.5.4, 4.5.5, 4.5.8
10/27/2024Impacted versions changed from 4.5.4 to 4.5.4, 4.5.5