2 matches found
CVE-2022-24795
CVE-2022-24795 affects yajl (and its Ruby binding, yajl-ruby). A 32-bit size_t-based integer overflow in the reallocation logic (yajl_buf.c) can cause under-allocation when handling very large inputs (~2 GB), leading to heap memory corruption and potential process availability impact. On...
CVE-2017-16516
CVE-2017-16516 – yajl-ruby (Ruby gem 1.3.0): The vulnerability concerns the yajl-ruby gem used with Ruby. When crafted JSON is parsed via Yajl::Parser.new.parse, the process can crash with a SIGABRT in yajl_string_decode (yajl_encode.c), potentially causing a denial of service. The initial descri...