SimpleJSON read out of bounds - information leak

[dzonerzy]

While i was testing SimpleJSON security i found a crash during string parsing inside parse_string function , below a screenshot.

This seems to be an information leak bug since the parser will try to parse a string until it found a matching " character in order to close the string inside the object, so providing something similar will result in a read out of bounds!

Step to reproduce:

Let me know if you need more information!

Regards,
Daniele Linguaglossa

[nbsdx]

Ohhhh cool :D I saw you had a JSON fuzzer on your github; is that how you found this?

Thanks for the heads up, I'll look into this, but I'm not sure how long it'll be. I'm in the middle of changing jobs and moving so I'm kinda swamped.

[nbsdx]

Yeah, taking a quick look at this, I'm going to probably need to rewrite the parser :/

[dzonerzy]

@nbsdx sure i found it using PyJFuzz :) so feel free to use it as a test suite during your development!