CVE-2013-6370 in json-cinfo

Summary

by MITRE

Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

Analysis

by VulDB Data Team • 05/11/2026

The vulnerability identified as CVE-2013-6370 represents a critical buffer overflow condition within the json-c library's printbuf application programming interfaces. This flaw exists in versions prior to 0.12 of the json-c library, which is widely used for JSON parsing and generation in numerous software applications across different platforms. The buffer overflow occurs specifically within the printbuf APIs, which are responsible for managing dynamic string buffers during JSON serialization processes. These APIs handle the conversion of JSON data structures into formatted string representations that are essential for data transmission and storage operations.

The technical nature of this vulnerability stems from insufficient bounds checking within the printbuf implementation, allowing maliciously crafted JSON input to trigger memory corruption conditions. When applications utilizing json-c process malformed JSON data through the affected printbuf functions, the library fails to properly validate buffer boundaries during string expansion operations. This condition creates opportunities for attackers to manipulate memory layout through carefully constructed input sequences that exceed allocated buffer limits. The vulnerability manifests as a classic stack-based or heap-based buffer overflow depending on the specific implementation details and input characteristics, potentially leading to arbitrary code execution or system instability.

The operational impact of CVE-2013-6370 extends beyond simple denial of service scenarios, as it can be exploited to compromise the integrity and availability of systems relying on json-c for JSON processing. Applications that parse JSON data from untrusted sources, including web services, mobile applications, and network protocols, become vulnerable to remote exploitation. Attackers can leverage this vulnerability to cause application crashes, system hangs, or potentially execute malicious code with the privileges of the affected process. The vulnerability is particularly concerning in server environments where JSON processing is common, as it can be triggered through various attack vectors including HTTP requests, API calls, or file processing operations. This makes it a significant concern for organizations implementing JSON-based communication protocols and services.

Mitigation strategies for this vulnerability primarily focus on immediate remediation through library version updates to json-c 0.12 or later, which contain fixed implementations of the printbuf APIs. System administrators should conduct comprehensive vulnerability assessments to identify all applications utilizing the vulnerable json-c library and prioritize patching efforts accordingly. Additional defensive measures include implementing input validation controls, deploying network segmentation to limit exposure, and configuring intrusion detection systems to monitor for exploitation attempts. Organizations should also consider implementing runtime protections such as stack canaries, address space layout randomization, and heap metadata protection to reduce the effectiveness of potential exploitation attempts. The vulnerability aligns with CWE-121, which describes stack-based buffer overflow conditions, and represents a typical example of how library-level vulnerabilities can propagate across multiple applications and systems within an organization's infrastructure.

Reservation

11/04/2013

Disclosure

04/22/2014

Moderation

accepted

Entry

VDB-69421

CPE

ready

EPSS

0.04511

KEV

no

Activities

very low

Sources

Do you want to use VulDB in your project?

Use the official API to access entries easily!