CVE-2013-6401 in Jansson
Summary
by MITRE
Jansson, possibly 2.4 and earlier, does not restrict the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted JSON document.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Analysis
by VulDB Data Team • 05/08/2026
The vulnerability identified as CVE-2013-6401 affects the Jansson JSON library version 2.4 and earlier, representing a critical security flaw that enables attackers to exploit hash collision vulnerabilities within the library's implementation. This issue stems from the library's insufficient handling of hash table operations, specifically in how it manages hash values during JSON document parsing and processing. The vulnerability falls under the category of denial of service attacks, where malicious actors can craft specific JSON documents designed to trigger predictable hash collisions, leading to excessive CPU consumption and system resource exhaustion.
The technical flaw in Jansson operates at the core hash table implementation level where the library uses a simple hash function that does not adequately randomize or distribute hash values across the hash table buckets. When attackers submit carefully constructed JSON documents containing specific data patterns, they can force multiple hash values to map to the same bucket, creating a collision chain that significantly degrades performance. This vulnerability is particularly dangerous because it can be exploited with relatively simple JSON payloads that trigger the hash collision behavior without requiring special privileges or complex attack vectors. The impact manifests as exponential increases in processing time as the hash table degrades from O(1) average case to O(n) worst-case performance, where n represents the number of elements in the collision chain.
From an operational perspective, this vulnerability presents significant risks to systems that process untrusted JSON data, particularly web applications, API endpoints, and services that accept JSON input from external sources. Attackers can leverage this weakness to perform resource exhaustion attacks that consume excessive CPU cycles, potentially leading to system instability, service disruption, or complete denial of service for legitimate users. The context-dependent nature of the attack means that the vulnerability can be triggered by any application using the affected Jansson library when processing malicious JSON input, making it particularly dangerous in environments where JSON parsing is common. This vulnerability directly relates to CWE-327, which addresses weak cryptographic hash functions, and aligns with ATT&CK technique T1499.004 for resource exhaustion attacks, specifically targeting availability through CPU consumption.
Mitigation strategies for CVE-2013-6401 primarily involve upgrading to Jansson version 2.5 or later, where the library implements improved hash table collision handling and better hash function distribution. Organizations should also implement input validation and sanitization measures to detect and reject suspicious JSON patterns before they reach the parsing layer. Additionally, rate limiting and resource monitoring should be implemented to detect unusual CPU consumption patterns that might indicate exploitation attempts. The fix addresses the root cause by introducing more robust hash functions and collision resolution mechanisms that prevent predictable hash collisions, thereby maintaining the expected performance characteristics of the JSON parsing operations. System administrators should also consider implementing network-level controls and application firewalls that can detect and block known malicious JSON patterns associated with this vulnerability, ensuring comprehensive protection against both current and potential future exploitation attempts.