infinite loop in Delete #188

wangcong15 · 2020-03-09T10:40:07Z

Hi. A call to function Delete may cause infinite loop. I wish you could take a look.
https://play.golang.org/p/kzKY-Z9ty_j

package main

import (
	"fmt"
	"github.com/buger/jsonparser"
)

func main() {
	data1 := []byte("^_ï¿½^C^A^@[")
	data2 := ""
	
	// sink: this function leads to an inifinite loop
	jsonparser.Delete(data1, data2)
	
	// code go hanged. So the last line won't be printed
	fmt.Println("Things go right!")
}

The text was updated successfully, but these errors were encountered:

carnil · 2020-03-20T21:37:45Z

This issue appears to have been assigned CVE-2020-10675.

**Description**: This pr fix issue #188. If `findKeyStart` meets a `[` or `{`, it should not add i with `blockEnd`’s return value directly because it may return -1 if it did not find the close symbol

KingB504 · 2021-09-14T06:24:10Z

Gf

KingB504 · 2021-09-14T06:24:28Z

This is grrsy

The github.com/buger/jsonparser has this vulnerability. "vulns": [ { "id": "GO-2021-0089", "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "details": "Parsing malformed JSON which contain opening brackets, but not closing brackes,\nleads to an infinite loop. If operating on untrusted user input this can be\nused as a denial of service vector.\n", "affects": { "ranges": [ { "type": "SEMVER", "fixed": "0.0.0-20200321185410-91ac96899e49" } ] }, "aliases": [ "CVE-2020-10675" ], "modified": "2021-04-14T12:00:00Z", "published": "2021-04-14T12:00:00Z", "ecosystem_specific": { "symbols": [ "findKeyStart" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml" }, "references": [ { "type": "FIX", "url": "buger/jsonparser#192" }, { "type": "FIX", "url": "buger/jsonparser@91ac968" }, { "type": "WEB", "url": "buger/jsonparser#188" } ], "affected": [ { "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "0.0.0-20200321185410-91ac96899e49" } ] } ], "ecosystem_specific": { "symbols": [ "findKeyStart" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0089.yaml" } } ] }, { "id": "GO-2021-0057", "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "details": "Due to improper bounds checking, maliciously crafted JSON objects\ncan cause an out-of-bounds panic. If parsing user input, this may\nbe used as a denial of service vector.\n", "affects": { "ranges": [ { "type": "SEMVER", "fixed": "1.1.1" } ] }, "aliases": [ "CVE-2020-35381" ], "modified": "2021-04-14T12:00:00Z", "published": "2021-04-14T12:00:00Z", "ecosystem_specific": { "symbols": [ "searchKeys" ] }, "database_specific": { "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json", "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml" }, "references": [ { "type": "FIX", "url": "buger/jsonparser#221" }, { "type": "FIX", "url": "buger/jsonparser@df3ea76" }, { "type": "WEB", "url": "buger/jsonparser#219" } ], "affected": [ { "package": { "name": "github.com/buger/jsonparser", "ecosystem": "Go" }, "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "0" }, { "fixed": "1.1.1" } ] } ], "ecosystem_specific": { "symbols": [ "searchKeys" ] }, "database_specific": { "url": "https://go.googlesource.com/vulndb/+/refs/heads/master/reports/GO-2021-0057.yaml", "source": "https://storage.googleapis.com/go-vulndb/github.com/buger/jsonparser.json" } } ] } ] }

zengjinzheng pushed a commit to zengjinzheng/jsonparser that referenced this issue Mar 16, 2020

Fix issue buger#188

e28101a

zengjinzheng pushed a commit to zengjinzheng/jsonparser that referenced this issue Mar 16, 2020

Fix issue buger#188

d698b4c

zengjinzheng pushed a commit to zengjinzheng/jsonparser that referenced this issue Mar 17, 2020

Fix issue buger#188

9584947

zengjinzheng pushed a commit to zengjinzheng/jsonparser that referenced this issue Mar 17, 2020

Fix issue buger#188

1dc7c82

AllenX2018 mentioned this issue Mar 19, 2020

fix issue 188 #192

Merged

buger pushed a commit that referenced this issue Mar 21, 2020

fix issue 188 (#192)

91ac968

**Description**: This pr fix issue #188. If `findKeyStart` meets a `[` or `{`, it should not add i with `blockEnd`’s return value directly because it may return -1 if it did not find the close symbol

wangcong15 closed this as completed Mar 30, 2020

vindhyahegde31 mentioned this issue Oct 27, 2022

[FP]: False Positive for cross-platform-appiancorp-json-parser-java.jar jeremylong/DependencyCheck#4993

Closed

buger mentioned this issue Jan 25, 2023

Security - CVE-2020-10675 #258

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

infinite loop in Delete #188

infinite loop in Delete #188

wangcong15 commented Mar 9, 2020

carnil commented Mar 20, 2020

KingB504 commented Sep 14, 2021

KingB504 commented Sep 14, 2021

infinite loop in Delete #188

infinite loop in Delete #188

Comments

wangcong15 commented Mar 9, 2020

carnil commented Mar 20, 2020

KingB504 commented Sep 14, 2021

KingB504 commented Sep 14, 2021