CVE-2021-32292

9.8 CRITICAL

📋 TL;DR

This is a stack buffer overflow vulnerability in json-c's auxiliary sample program json_parse. It allows attackers to execute arbitrary code or cause denial of service by providing malicious JSON input. Affects systems using json-c library versions from 20200420 through 0.15-20200726.

💻 Affected Systems

Products:
  • json-c library
Versions: 20200420 through 0.15-20200726 (post 0.14 unreleased code)
Operating Systems: Linux, Unix-like systems
Default Config Vulnerable: ✅ No
Notes: Only affects the auxiliary sample program json_parse, not the main json-c library functions. Many distributions may not include this sample program by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Denial of service through application crashes, potentially leading to service disruption.

🟢 If Mitigated: Limited impact if proper memory protections (ASLR, stack canaries) are enabled and the sample program isn't exposed.

🌐 Internet-Facing: MEDIUM - Risk depends on whether the vulnerable json_parse sample program is exposed to untrusted input.
🏢 Internal Only: LOW - The vulnerability is in a sample program, not the main library, reducing internal exposure.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires feeding malicious JSON to the json_parse sample program. The vulnerability is well-documented in public issue trackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in json-c 0.16 and later

Vendor Advisory: https://github.com/json-c/json-c/issues/654

Restart Required: Yes

Instructions:

1. Update json-c to version 0.16 or later.
2. For Debian/Ubuntu: apt update && apt upgrade libjson-c
3. For RHEL/CentOS: yum update json-c
4. Restart affected services using json-c.

🔧 Temporary Workarounds

Remove json_parse sample program (Linux)

Remove or disable the vulnerable json_parse sample program if it is not needed:

rm /usr/bin/json_parse
find / -name 'json_parse' -type f -delete

Restrict program execution (Linux)

Use SELinux/AppArmor to restrict execution of the json_parse program. Note that chmod 000 strips all permissions from the binary, and setenforce 1 only switches SELinux into enforcing mode; it does not by itself add a policy covering json_parse, so a confinement rule still has to be written and loaded.

chmod 000 /usr/bin/json_parse
setenforce 1

🧯 If You Can't Patch

  • Remove or disable the json_parse sample program from production systems
  • Implement strict input validation and sanitization for any JSON parsing operations

🔍 How to Verify

Check if Vulnerable:

Check whether the json_parse program exists and report the json-c version:

find / -name 'json_parse' 2>/dev/null && json-c-config --version

Check Version:

json-c-config --version || dpkg -l | grep json-c || rpm -qa | grep json-c

Verify Fix Applied:

Verify that the json-c version is 0.16 or later and that the json_parse program has been removed (the pattern also accepts 1.x and later releases):

json-c-config --version | grep -E '^(0\.(1[6-9]|[2-9])|[1-9])'
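As an added example (not part of this advisory), a small POSIX shell helper that classifies a json-c version string against the affected range listed above (20200420 through 0.15-20200726, with 0.16 and later treated as fixed) and reports whether a json_parse binary is on the PATH. It assumes pkg-config can see json-c's .pc file; the function names and the host-status output format are the example's own.

```shell
#!/bin/sh
# Added example: classify json-c version strings against the range this
# advisory lists (20200420 post-0.14 snapshot through 0.15-20200726) and
# treat 0.16 and later as fixed. 0.14 and earlier predate the bug.

# jsonc_version_affected VERSION -> exit 0 if VERSION is in the affected range
jsonc_version_affected() {
    v=$1
    case "$v" in
        # Bare snapshot date such as 20200420: affected inside the window
        2020[0-9][0-9][0-9][0-9])
            if [ "$v" -ge 20200420 ] && [ "$v" -le 20200726 ]; then
                return 0
            fi
            return 1 ;;
        # 0.15 and dated 0.15 snapshots such as 0.15-20200726
        0.15|0.15-*|0.15.*)
            return 0 ;;
        # Everything else: 0.14 and older, or 0.16 and newer
        *)
            return 1 ;;
    esac
}

# jsonc_host_status -> prints one line describing this host; exit 0 when the
# installed json-c is outside the affected range, 1 when it is inside it,
# 2 when json-c is not visible to pkg-config (assumption: pkg-config present)
jsonc_host_status() {
    ver=$(pkg-config --modversion json-c 2>/dev/null || true)
    if [ -z "$ver" ]; then
        echo "json-c: not found via pkg-config"
        return 2
    fi
    if command -v json_parse >/dev/null 2>&1; then bin=present; else bin=absent; fi
    if jsonc_version_affected "$ver"; then
        echo "json-c $ver: AFFECTED; json_parse sample binary: $bin"
        return 1
    fi
    echo "json-c $ver: not affected; json_parse sample binary: $bin"
    return 0
}
```

Run jsonc_host_status on a host to get a one-line verdict; a non-zero exit status marks it for follow-up.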

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault or stack overflow errors in application logs
  • Unexpected termination of json_parse process

Network Indicators:

  • Unusual JSON payloads sent to services using json-c
  • Exploit attempts targeting json_parse

SIEM Query:

process_name:json_parse AND (event_type:crash OR exit_code:139)
