CVE-2020-29203
Description
struct2json before 2020-11-18 is affected by a Buffer Overflow because strcpy is used for S2J_STRUCT_GET_string_ELEMENT.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow vulnerability in struct2json before 2020-11-18 allows attackers to cause a denial of service or potentially execute arbitrary code via a crafted JSON string.
Vulnerability
The struct2json library prior to the 2020-11-18 commit contains a buffer overflow vulnerability in the S2J_STRUCT_GET_string_ELEMENT macro. This macro uses strcpy to copy a JSON string value into a struct member array, without checking the length of the source string against the destination buffer size [1]. When the JSON string exceeds the allocated array size, a buffer overflow occurs.
Exploitation
An attacker can exploit this vulnerability by supplying a JSON object with a string value longer than the corresponding struct array field. The overflow is triggered during deserialization when s2j_struct_get_basic_element is called for string elements [1]. No authentication or special privileges are required; the attack can be performed remotely if the application processes untrusted JSON input.
Impact
Successful exploitation results in memory corruption, potentially leading to a denial of service (crash) or arbitrary code execution. The severity depends on the memory layout and the struct's location [1].
Mitigation
The vulnerability is fixed by replacing strcpy with strncpy to limit the copy length to the destination buffer size [1]. Users should update to the patched version (after 2020-11-18) or apply the provided fix to the S2J_STRUCT_GET_string_ELEMENT macro. No workaround is available other than avoiding untrusted JSON input.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
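The copy pattern described under Mitigation, as an added C example that is not struct2json's own code: a strcpy-style field copy beside a bounded one that also NUL-terminates, since strncpy on its own leaves the field unterminated when the source fills it. The struct user_t, the macros GET_STRING_UNSAFE and GET_STRING_BOUNDED, the helpers copy_string_field and load_name, and the sample strings are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical target struct: a fixed-size string member next to other data. */
typedef struct {
    char name[8];
    int  id;      /* neighbouring field that an overflow of name would reach */
} user_t;

/* Unsafe pattern described by the CVE (simplified stand-in, not the library's
 * macro text): the copy length is decided by the JSON value alone. */
#define GET_STRING_UNSAFE(to_struct, field, json_value) \
    strcpy((to_struct)->field, (json_value))

/* Bounded copy: at most dst_size-1 bytes, always NUL-terminated.
 * Returns 0 if src fit, 1 if it was truncated, -1 on a bad argument. */
static int copy_string_field(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    strncpy(dst, src, dst_size - 1); /* strncpy alone does not terminate a full buffer */
    dst[dst_size - 1] = '\0';
    return strlen(src) >= dst_size ? 1 : 0;
}

/* sizeof yields the field capacity because the member is an array, not a pointer. */
#define GET_STRING_BOUNDED(to_struct, field, json_value) \
    copy_string_field((to_struct)->field, sizeof((to_struct)->field), (json_value))

/* Deserialize one string value into a zeroed struct using the bounded macro. */
static int load_name(user_t *u, const char *json_value)
{
    memset(u, 0, sizeof(*u));
    return GET_STRING_BOUNDED(u, name, json_value);
}

int main(void)
{
    user_t u;
    const char *oversized = "AAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 24 bytes */
    int rc = load_name(&u, oversized);
    printf("rc=%d name=\"%s\" id=%d\n", rc, u.name, u.id);
    return 0;
}
```

A return value of 1 lets the caller reject or log an oversized value instead of silently accepting a truncated one.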
Affected products
- struct2json/struct2json
- Range: <2020-11-18
Patches
No patches discovered yet.
References
[1] github.com/armink/struct2json/issues/13 (mitre, x_refsource_MISC)