Lucene search

RedHatRHSA-2024:2063

HistoryApr 25, 2024 - 2:45 p.m.

(RHSA-2024:2063) Moderate: yajl security update

2024-04-2514:45:06

access.redhat.com

yajl

security update

heap-based buffer overflow

memory leak

cve-2022-24795

cve-2023-33460

event-driven json parser

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.8 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.01 Low

EPSS

Percentile

83.5%

JSON

Yet Another JSON Library (YAJL) is a small event-driven (SAX-style) JSON parser written in ANSI C, and a small validating JSON generator.

Security Fix(es):

yajl: heap-based buffer overflow when handling large inputs due to an integer overflow (CVE-2022-24795)
yajl: Memory leak in yajl_tree_parse function (CVE-2023-33460)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHat8ppc64leyajl-debuginfo< 2.1.0-13.el8_6yajl-debuginfo-2.1.0-13.el8_6.ppc64le.rpm
RedHat8x86_64yajl-debuginfo< 2.1.0-13.el8_6yajl-debuginfo-2.1.0-13.el8_6.x86_64.rpm
RedHat8x86_64yajl-debugsource< 2.1.0-13.el8_6yajl-debugsource-2.1.0-13.el8_6.x86_64.rpm
RedHat8i686yajl-devel< 2.1.0-13.el8_6yajl-devel-2.1.0-13.el8_6.i686.rpm
RedHat8s390xyajl< 2.1.0-13.el8_6yajl-2.1.0-13.el8_6.s390x.rpm
RedHat8x86_64yajl-devel< 2.1.0-13.el8_6yajl-devel-2.1.0-13.el8_6.x86_64.rpm
RedHat8ppc64leyajl< 2.1.0-13.el8_6yajl-2.1.0-13.el8_6.ppc64le.rpm
RedHat8i686yajl-debugsource< 2.1.0-13.el8_6yajl-debugsource-2.1.0-13.el8_6.i686.rpm
RedHat8i686yajl-debuginfo< 2.1.0-13.el8_6yajl-debuginfo-2.1.0-13.el8_6.i686.rpm
RedHat8s390xyajl-devel< 2.1.0-13.el8_6yajl-devel-2.1.0-13.el8_6.s390x.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	8	ppc64le	yajl-debuginfo	< 2.1.0-13.el8_6	yajl-debuginfo-2.1.0-13.el8_6.ppc64le.rpm
RedHat	8	x86_64	yajl-debuginfo	< 2.1.0-13.el8_6	yajl-debuginfo-2.1.0-13.el8_6.x86_64.rpm
RedHat	8	x86_64	yajl-debugsource	< 2.1.0-13.el8_6	yajl-debugsource-2.1.0-13.el8_6.x86_64.rpm
RedHat	8	i686	yajl-devel	< 2.1.0-13.el8_6	yajl-devel-2.1.0-13.el8_6.i686.rpm
RedHat	8	s390x	yajl	< 2.1.0-13.el8_6	yajl-2.1.0-13.el8_6.s390x.rpm
RedHat	8	x86_64	yajl-devel	< 2.1.0-13.el8_6	yajl-devel-2.1.0-13.el8_6.x86_64.rpm
RedHat	8	ppc64le	yajl	< 2.1.0-13.el8_6	yajl-2.1.0-13.el8_6.ppc64le.rpm
RedHat	8	i686	yajl-debugsource	< 2.1.0-13.el8_6	yajl-debugsource-2.1.0-13.el8_6.i686.rpm
RedHat	8	i686	yajl-debuginfo	< 2.1.0-13.el8_6	yajl-debuginfo-2.1.0-13.el8_6.i686.rpm
RedHat	8	s390x	yajl-devel	< 2.1.0-13.el8_6	yajl-devel-2.1.0-13.el8_6.s390x.rpm