Veracode Vulnerability DatabaseVERACODE:45772Double Free
libyyjson is vulnerable to Double Free. The vulnerability is due to a lack of loop checks in the pool_free function of pool series allocator. This flaw allows an attacker to execute arbitrary code remotely, resulting in Denial of Service (DoS) attacks.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libyyjson.so | le | 0.8.0 | |
| libyyjson.so | le | 0.8.0 |
References
github.com/ibireme/yyjson/commit/0eca326fe57aeeb866e6f04c9ef9ea9f8343157e
github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2/
Related
