Showing 1 - 5 of 5

CVE-2023-33460

Status Candidate

Overview

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

Red Hat Security Advisory 2024-2580-03: Posted May 1, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.; tags | advisory, memory leak; systems | linux, redhat; advisories | CVE-2023-33460; SHA-256 | 3cbbbe94260d433bbf0453d1c08e057a80bd9cda9267f8cb219291893c029e43; Download | Favorite | View

Ubuntu Security Notice USN-6233-2: Posted Dec 15, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6233-2 - USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service .; tags | advisory, denial of service, vulnerability; systems | linux, ubuntu; advisories | CVE-2017-16516, CVE-2022-24795, CVE-2023-33460; SHA-256 | 1a79b120418384147adf55646f48f838ca04a6cd9e3d760d119309f406d0434a; Download | Favorite | View

Red Hat Security Advisory 2023-7057-01: Posted Nov 15, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-7057-01 - An update for yajl is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.; tags | advisory, memory leak; systems | linux, redhat; advisories | CVE-2023-33460; SHA-256 | f30c33ac99b2602702e4072df820cdb74c7dbfcf30e2c94bcc918b11713c38b0; Download | Favorite | View

Red Hat Security Advisory 2023-6551-01: Posted Nov 13, 2023; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2023-6551-01 - An update for yajl is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.; tags | advisory, memory leak; systems | linux, redhat; advisories | CVE-2023-33460; SHA-256 | 623bd081c791673f21caed8805524f984b8a91c207d92d64625287c7dc3a3c9c; Download | Favorite | View

Ubuntu Security Notice USN-6233-1: Posted Jul 19, 2023; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.; tags | advisory, denial of service; systems | linux, ubuntu; advisories | CVE-2017-16516, CVE-2022-24795, CVE-2023-33460; SHA-256 | dc76af79630bbfeaaf462528d36963309713ef6633d5dd1d737257cd112afad5; Download | Favorite | View

Page 1 of 1 Back 1 Next