Lucene search
K

67 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 4:37 a.m.3 views

SUSE CVE-2017-16516

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajlstringdecode function in yajlencode.c. This results in the whole ruby process terminating and potentially a denial of service...

7.5CVSS7.3AI score0.03767EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:27 a.m.8 views

SUSE CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

5.9CVSS7.8AI score0.03472EPSS
Exploits1References15
Tenable Nessus
Tenable Nessus
added 2022/11/22 12:0 a.m.13 views

Oracle Linux 9 : yajl (ELSA-2022-8252)

The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-8252 advisory. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to...

7.5CVSS7.8AI score0.03472EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/11/16 12:0 a.m.21 views

Oracle Linux 8 : yajl (ELSA-2022-7524)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-7524 advisory. - fix CVE-2022-24795 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not tested for...

7.5CVSS6.8AI score0.03472EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2022/11/12 12:0 a.m.22 views

AlmaLinux 8 : yajl (ALSA-2022:7524)

The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:7524 advisory. - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to...

7.5CVSS7.8AI score0.03472EPSS
Exploits1References2
OSV
OSV
added 2022/09/16 11:4 a.m.4 views

OESA-2022-1912 yajl security update

yajl is a small event-driven JSON parser written in ANSI C, and a small validating JSON generator. Security Fixes: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory...

7.5CVSS8.4AI score0.03472EPSS
Exploits1References2
CBLMariner
CBLMariner
added 2022/09/16 6:5 a.m.14 views

CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2

CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2. A patched version of the package is available...

7.5CVSS7.3AI score0.03472EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2022/09/09 12:0 a.m.26 views

SUSE SLED15: libyajl-devel / libyajl-devel-32bit / libyajl-devel-static / etc (SUSE-SU-2022:3162-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:3162-1 advisory. - CVE-2022-24795: Fixed heap-based buffer overflow when handling large inputs bsc1198405. Tenable has...

7.5CVSS7.1AI score0.03472EPSS
Exploits1References4
OSV
OSV
added 2022/07/15 11:3 a.m.5 views

OESA-2022-1752 rubygem-yajl-ruby security update

Ruby C bindings to the excellent Yajl JSON stream-based parser library. Security Fixes: yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing wit...

7.5CVSS8.4AI score0.03472EPSS
Exploits1References2
Photon
Photon
added 2022/06/03 12:0 a.m.76 views

Important Photon OS Security Update - PHSA-2022-0399

Updates of 'mariadb', 'libxml2', 'rubygem-yajl-ruby', 'linux', 'linux-aws', 'linux-secure', 'linux-esx', 'linux-rt' packages of Photon OS have been released...

7.2CVSS1.7AI score0.0363EPSS
Exploits24
Photon
Photon
added 2022/06/03 12:0 a.m.58 views

Important Photon OS Security Update - PHSA-2022-3.0-0399

Updates of 'linux-rt', 'linux-secure', 'libxml2', 'linux-aws', 'linux', 'linux-esx', 'rubygem-yajl-ruby', 'mariadb' packages of Photon OS have been released...

7.8CVSS6.8AI score0.0363EPSS
Exploits22
OSV
OSV
added 2022/06/02 8:48 a.m.5 views

SUSE-SU-2022:1918-1 Security update for rubygem-yajl-ruby

This update for rubygem-yajl-ruby fixes the following issue: -CVE-2022-24795: Fixed a heap-based buffer overflow when handling large inputs due to an integer overflow bsc1198405...

7.5CVSS7.7AI score0.03472EPSS
Exploits1References3
CBLMariner
CBLMariner
added 2022/05/12 2:16 a.m.17 views

CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1

CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1. An upgraded version of the package is available that resolves this issue...

7.5CVSS8.4AI score0.03472EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 2022/04/19 7:0 a.m.2 views

Buffer Overflow and Integer Overflow in yajl-ruby

...

7.5CVSS6.8AI score0.03472EPSS
Exploits1
Snyk
Snyk
added 2022/04/06 10:31 a.m.3 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS due to an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit integer wrapping to 0 when need...

7.5CVSS7.2AI score0.03472EPSS
Exploits1References2
Veracode
Veracode
added 2022/04/06 3:42 a.m.24 views

Denial Of Service (DoS)

yajl-ruby is vulnerable to denial of service. The vulnerability exists due to an integer overflow which leads to a heap memory corruption causing an application crash...

7.5CVSS2.6AI score0.03472EPSS
Exploits1References11Affected Software6
OSV
OSV
added 2022/04/05 4:15 p.m.3 views

DEBIAN-CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

7.5CVSS7.8AI score0.03472EPSS
Exploits1References1
NVD
NVD
added 2022/04/05 4:15 p.m.19 views

CVE-2022-24795

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

7.5CVSS0.03472EPSS
Exploits1References7
OSV
OSV
added 2022/04/05 4:15 p.m.9 views

AZL-10552 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

7.5CVSS7.5AI score0.03472EPSS
Exploits1References1
OSV
OSV
added 2022/04/05 4:15 p.m.11 views

AZL-35233 CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large 2GB inputs. The reallocation logic at yajlbuf.cL64 may result in the need 32bit...

7.5CVSS7.5AI score0.03472EPSS
Exploits1References1
Rows per page
Query Builder