67 matches found
SUSE CVE-2017-16516
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminating and potentially a denial of service...
SUSE CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
Oracle Linux 9 : yajl (ELSA-2022-8252)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8252 advisory. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to...
Oracle Linux 8 : yajl (ELSA-2022-7524)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7524 advisory. - fix CVE-2022-24795 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...
AlmaLinux 8 : yajl (ALSA-2022:7524)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7524 advisory. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to...
OESA-2022-1912 yajl security update
yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory...
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2. A patched version of the package is available...
SUSE SLED15: libyajl-devel / libyajl-devel-32bit / libyajl-devel-static / etc (SUSE-SU-2022:3162-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3162-1 advisory. - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs bsc1198405. Tenable has...
OESA-2022-1752 rubygem-yajl-ruby security update
Ruby C bindings to the excellent Yajl JSON stream-based parser library. Security Fixes: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing wit...
Important Photon OS Security Update - PHSA-2022-0399
Updates of 'mariadb', 'libxml2', 'rubygem-yajl-ruby', 'linux', 'linux-aws', 'linux-secure', 'linux-esx', 'linux-rt' packages of Photon OS have been released...
Important Photon OS Security Update - PHSA-2022-3.0-0399
Updates of 'linux-rt', 'linux-secure', 'libxml2', 'linux-aws', 'linux', 'linux-esx', 'rubygem-yajl-ruby', 'mariadb' packages of Photon OS have been released...
SUSE-SU-2022:1918-1 Security update for rubygem-yajl-ruby
This update for rubygem-yajl-ruby fixes the following issue: -CVE-2022-24795: Fixed a heap-based buffer overflow when handling large inputs due to an integer overflow bsc1198405...
CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1
CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1. An upgraded version of the package is available that resolves this issue...
Buffer Overflow and Integer Overflow in yajl-ruby
...
Denial of Service (DoS)
Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit integer wrapping to 0 when need...
Denial Of Service (DoS)
yajl-ruby is vulnerable to denial of service. The vulnerability exists due to an integer overflow which leads to a heap memory corruption causing an application crash...
DEBIAN-CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
AZL-10552 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...
AZL-35233 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...