This repository has been archived by the owner on Feb 9, 2021. It is now read-only.

SimpleJSON read out of bounds - information leak #8

Open
dzonerzy opened this issue Feb 7, 2017 · 3 comments
dzonerzy commented Feb 7, 2017

While I was testing SimpleJSON's security, I found a crash during string parsing inside the parse_string function; a screenshot is below.

[screenshot: schermata 2017-02-07 alle 01 41 24]

This seems to be an information leak bug, since the parser will try to parse a string until it finds a matching " character in order to close the string inside the object, so providing something similar will result in a read out of bounds!

Steps to reproduce:

[screenshot: schermata 2017-02-07 alle 01 45 28]

Let me know if you need more information!

Regards,
Daniele Linguaglossa
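
A bounded version of the scan described in the report, as an added C++ example that is not part of the original thread and is not SimpleJSON's code: the function name `parse_string_bounded` and its signature are hypothetical, and `\uXXXX` escapes are only validated and kept verbatim. Every read is checked against the buffer length, so input that ends before the closing `"` is rejected instead of being read past.

```cpp
#include <cctype>
#include <cstddef>
#include <string>

// Hypothetical helper, not SimpleJSON's API. str[offset] must be the opening
// quote. On success: fills `out` and moves `offset` past the closing quote.
// On failure (including end of input before the closing quote): returns false
// and leaves `out` and `offset` untouched.
bool parse_string_bounded(const std::string &str, std::size_t &offset,
                          std::string &out) {
    const std::size_t n = str.size();
    if (offset >= n || str[offset] != '"') return false;
    std::string val;
    std::size_t i = offset + 1;
    while (i < n) {                      // every read below is guarded by n
        char c = str[i++];
        if (c == '"') {                  // closing quote found inside the buffer
            out = val;
            offset = i;
            return true;
        }
        if (c != '\\') { val += c; continue; }
        if (i >= n) return false;        // input ends right after a backslash
        char e = str[i++];
        switch (e) {
            case '"': case '\\': case '/': val += e; break;
            case 'b': val += '\b'; break;
            case 'f': val += '\f'; break;
            case 'n': val += '\n'; break;
            case 'r': val += '\r'; break;
            case 't': val += '\t'; break;
            case 'u':                    // kept verbatim; 4 hex digits required
                if (n - i < 4) return false;
                for (int k = 0; k < 4; ++k)
                    if (!std::isxdigit(static_cast<unsigned char>(str[i + k])))
                        return false;
                val += "\\u" + str.substr(i, 4);
                i += 4;
                break;
            default: return false;       // unknown escape
        }
    }
    return false;                        // ran out of input: unterminated string
}
```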


nbsdx commented Feb 7, 2017

Ohhhh cool :D I saw you had a JSON fuzzer on your github; is that how you found this?

Thanks for the heads up, I'll look into this, but I'm not sure how long it'll be. I'm in the middle of changing jobs and moving so I'm kinda swamped.


nbsdx commented Feb 7, 2017

Yeah, taking a quick look at this, I'm going to probably need to rewrite the parser :/


dzonerzy commented Feb 7, 2017

@nbsdx sure, I found it using PyJFuzz :) so feel free to use it as a test suite during your development!

sjgardiner added a commit to MARLEY-MC/marley that referenced this issue Aug 23, 2017
… end of a file without finding a closing double quote. This is similar to the
leak in SimpleJSON issue #8 (nbsdx/SimpleJSON#8)