CVE-2022-45493

7.8 HIGH

📋 TL;DR

This is a buffer overflow vulnerability in the json_parse_key function of the sheredom json.h library. It allows attackers to execute arbitrary code and potentially gain escalated privileges on systems using vulnerable versions of this JSON parsing library. Anyone using software that incorporates this library before the fixed commit is affected.

💻 Affected Systems

Products:
  • sheredom json.h library
  • Any software using vulnerable versions of sheredom json.h
Versions: All versions before commit 0825301a07cbf51653882bf2b153cc81fdadf41 (November 14, 2022)
Operating Systems: All operating systems where the library is used
Default Config Vulnerable: ⚠️ Yes
Notes: This is a header-only C library, so any project including the vulnerable json.h file is affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete system compromise, privilege escalation to root/admin, and persistent backdoor installation.

🟠 Likely Case

Application crash (denial of service) or limited code execution within the application's context, potentially leading to data theft or further lateral movement.

🟢 If Mitigated

Application crash with no code execution if memory protections (ASLR, DEP) are effective, but still causing service disruption.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Buffer overflow exploitation requires crafting malicious JSON input, but the vulnerability is in a core parsing function that handles untrusted data.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Commit 0825301a07cbf51653882bf2b153cc81fdadf41 or later

Vendor Advisory: https://github.com/hyrathon/trophies/security/advisories/GHSA-r2mm-2f4c-6243

Restart Required: Yes

Instructions:

1. Update to json.h from commit 0825301a07cbf51653882bf2b153cc81fdadf41 or later.
2. Replace the vulnerable json.h file in your project.
3. Recompile all affected software.
4. Restart services using the patched library.

🔧 Temporary Workarounds

Input Validation (all)

Implement strict input validation and size limits on JSON data before passing it to the json_parse_key function.

Memory Protection (all)

Enable ASLR, DEP, and stack canaries if not already enabled to make exploitation more difficult.

For Linux: echo 2 > /proc/sys/kernel/randomize_va_space
For Windows: Enable Data Execution Prevention (DEP) in system properties

🧯 If You Can't Patch

  • Use network segmentation to isolate systems using the vulnerable library
  • Implement strict input filtering and rate limiting for JSON parsing endpoints

🔍 How to Verify

Check if Vulnerable:

Check if your json.h file contains the vulnerable json_parse_key function without bounds checking on line ~1300

Check Version:

git log --oneline json.h | head -5

Verify Fix Applied:

Verify json.h includes commit 0825301a07cbf51653882bf2b153cc81fdadf41 or check that json_parse_key has proper bounds checking
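
Because json.h is header-only, a copy vendored into a project carries no upstream commit history to check. The shell function below is an added example, not part of the advisory or the json.h project: it finds headers under a source tree that define json_parse_key and flags any that differ from a reference json.h. Assumptions: the reference file is one you obtained yourself from the fixed commit or later, and audit_jsonh and sha256_of are hypothetical helper names.

```shell
#!/bin/sh
# Added example: inventory vendored copies of json.h and compare each one
# against a reference copy that is known to include the fix.

sha256_of() {
    # Portable SHA-256: sha256sum on Linux, shasum on macOS/BSD.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# audit_jsonh TREE REF
#   TREE: source tree to scan; REF: reference json.h (assumed fixed).
#   Prints "OK <path>" for copies identical to REF, "REVIEW <path>" otherwise.
#   Returns 0 if every copy matches, 1 if any needs review, 2 on bad arguments.
audit_jsonh() {
    tree=$1
    ref=$2
    if [ ! -d "$tree" ] || [ ! -f "$ref" ]; then
        echo "usage: audit_jsonh TREE REF" >&2
        return 2
    fi
    ref_sum=$(sha256_of "$ref")
    status=0
    # Write the file list to a temp file so the loop runs in this shell.
    list=$(mktemp) || return 2
    # Scan every .h file so that renamed copies are caught as well.
    find "$tree" -type f -name '*.h' > "$list"
    while IFS= read -r f; do
        # Only headers that define json_parse_key are treated as this library.
        grep -q 'json_parse_key' "$f" || continue
        if [ "$(sha256_of "$f")" = "$ref_sum" ]; then
            echo "OK $f"
        else
            # Different from REF: may be older (vulnerable), newer, or patched.
            echo "REVIEW $f"
            status=1
        fi
    done < "$list"
    rm -f "$list"
    return "$status"
}

# Stand-alone use: sh audit.sh /path/to/tree /path/to/reference/json.h
if [ "$#" -eq 2 ]; then
    audit_jsonh "$1" "$2"
fi
```

A REVIEW line means only that the copy is not byte-identical to the reference, so diff it against the reference before deciding whether it needs replacing.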

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual memory access patterns in application logs
  • Large or malformed JSON input logs

Network Indicators:

  • Unusually large JSON payloads to parsing endpoints
  • Repeated malformed JSON requests

SIEM Query:

source="application.logs" AND ("segmentation fault" OR "buffer overflow" OR "json_parse")
