Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-33460HistoryJun 06, 2023 - 12:15 p.m.
CVE-2023-33460
2023-06-0612:15:09
Debian Security Bug Tracker
security-tracker.debian.org
9
yajl
memory leak
server crash
yajl_tree_parse
out-of-memory
unix
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.5%
There’s a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | epics-base | <=Â 7.0.3.1-4 | epics-base_7.0.3.1-4_all.deb |
| Debian | 999 | all | epics-base | <=Â 7.0.8+dfsg1-1 | epics-base_7.0.8+dfsg1-1_all.deb |
| Debian | 12 | all | r-cran-jsonlite | <=Â 1.8.4+dfsg-1 | r-cran-jsonlite_1.8.4+dfsg-1_all.deb |
| Debian | 11 | all | r-cran-jsonlite | <=Â 1.7.2+dfsg-1 | r-cran-jsonlite_1.7.2+dfsg-1_all.deb |
| Debian | 999 | all | r-cran-jsonlite | <=Â 1.8.8+dfsg-1 | r-cran-jsonlite_1.8.8+dfsg-1_all.deb |
| Debian | 13 | all | r-cran-jsonlite | <=Â 1.8.8+dfsg-1 | r-cran-jsonlite_1.8.8+dfsg-1_all.deb |
| Debian | 12 | all | ruby-yajl | <Â 1.4.3-1 | ruby-yajl_1.4.3-1_all.deb |
| Debian | 11 | all | ruby-yajl | <Â 1.4.1-1 | ruby-yajl_1.4.1-1_all.deb |
| Debian | 999 | all | ruby-yajl | <Â 1.4.3-1 | ruby-yajl_1.4.3-1_all.deb |
| Debian | 13 | all | ruby-yajl | <Â 1.4.3-1 | ruby-yajl_1.4.3-1_all.deb |
Related
nessus
nessus
CBL Mariner 2.0 Security Update: yajl (CVE-2023-33460)
2023-06-30 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : libyajl (SUSE-SU-2023:3301-1)
2023-08-15 00:00:00
Oracle Linux 9 : yajl (ELSA-2023-6551)
2023-11-16 00:00:00
osv
osv
yajl - security update
2023-07-02 00:00:00
Moderate: yajl security update
2023-11-07 00:00:00
CGA-gwr7-96x9-6chp
2024-06-06 12:27:34
redhat
redhat
(RHSA-2023:6551) Moderate: yajl security update
2023-11-07 06:08:33
(RHSA-2023:7057) Moderate: yajl security update
2023-11-14 08:44:17
(RHSA-2024:2580) Moderate: yajl security update
2024-04-30 14:00:42
cvelist
cvelist
CVE-2023-33460
2023-06-06 00:00:00
almalinux
almalinux
Moderate: yajl security update
2023-11-14 00:00:00
Moderate: yajl security update
2023-11-07 00:00:00
openvas
openvas
openSUSE: Security Advisory for libyajl (SUSE-SU-2023:3301-1)
2024-03-04 00:00:00
Debian: Security Advisory (DLA-3478-1)
2023-07-03 00:00:00
Fedora: Security Advisory for R-jsonlite (FEDORA-2023-0b0bb84049)
2023-07-23 00:00:00
oraclelinux
oraclelinux
yajl security update
2023-11-11 00:00:00
yajl security update
2023-11-17 00:00:00
nvd
nvd
CVE-2023-33460
2023-06-06 12:15:09
cbl_mariner
cbl_mariner
CVE-2023-33460 affecting package yajl 2.1.0-17
2023-07-28 23:16:55
CVE-2023-33460 affecting package yajl for versions less than 2.1.0-19
2023-06-27 20:56:13
CVE-2023-33460 affecting package yajl for versions less than 2.1.0-19
2024-03-19 17:21:46
fedora
fedora
[SECURITY] Fedora 38 Update: R-jsonlite-1.8.5-2.fc38
2023-07-21 02:27:06
[SECURITY] Fedora 37 Update: yajl-2.1.0-21.fc37
2023-07-27 02:05:39
[SECURITY] Fedora 38 Update: yajl-2.1.0-21.fc38
2023-07-16 01:27:03
redos
redos
ROS-20240606-06
2024-06-06 00:00:00
rocky
rocky
yajl security update
2023-11-28 22:43:02
yajl security update
2024-05-10 14:32:38
veracode
veracode
Memory Leak
2023-09-13 11:16:55
Memory Leak
2023-06-18 06:39:45
cgr
cgr
CVE-2023-33460 vulnerabilities
2024-05-19 03:07:16
alpinelinux
alpinelinux
CVE-2023-33460
2023-06-06 12:15:09
redhatcve
redhatcve
CVE-2023-33460
2023-07-12 12:36:38
cve
cve
CVE-2023-33460
2023-06-06 12:15:09
ubuntucve
ubuntucve
CVE-2023-33460
2023-06-06 00:00:00
debian
debian
[SECURITY] [DLA 3478-1] yajl security update
2023-07-02 11:11:11
[SECURITY] [DLA 3516-1] burp security update
2023-08-05 15:23:20
[SECURITY] [DLA 3492-1] yajl security update
2023-07-11 17:48:41
wolfi
wolfi
CVE-2023-33460 vulnerabilities
2024-07-26 21:09:29
amazon
amazon
Medium: yajl
2023-08-03 18:09:00
prion
prion
Memory corruption
2023-06-06 12:15:00
mageia
mageia
Updated yajl packages fix security vulnerabilities
2024-03-16 01:51:55
ubuntu
ubuntu
YAJL vulnerabilities
2023-12-14 00:00:00
YAJL vulnerabilities
2023-07-18 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2023-5.0-0096
2023-09-20 00:00:00
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
50.5%
Related for DEBIANCVE:CVE-2023-33460