Описание
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| yajl | fixed | 2.1.0-5 | package | |
| yajl | fixed | 2.1.0-3+deb12u2 | bookworm | package |
| yajl | fixed | 2.1.0-3+deb11u2 | bullseye | package |
| epics-base | not-affected | package | ||
| r-cran-jsonlite | fixed | 1.8.8+dfsg-1 | package | |
| r-cran-jsonlite | no-dsa | bookworm | package | |
| r-cran-jsonlite | no-dsa | bullseye | package | |
| r-cran-jsonlite | postponed | buster | package | |
| ruby-yajl | not-affected | package |
Примечания
https://github.com/lloyd/yajl/issues/250
Introduced with: https://github.com/lloyd/yajl/commit/cfa9f8fcb12d80dd5ebf94f5e6a607aab4d225fb (2.0.0)
The original fix uploaded as 2.1.0-3.1 was incomplete.
ruby-yajl embeds yajl version 1.0.12 (https://github.com/brianmario/yajl-ruby/blob/master/ext/yajl/api/yajl_version.h)
r-cran-jsonlite: https://github.com/jeroen/jsonlite/issues/426
r-cran-jsonlite: https://github.com/jeroen/jsonlite/pull/421
r-cran-jsonlite: https://github.com/jeroen/jsonlite/commit/e8965dfead9f270ff8d7bb3029e86dee866d407d (v1.8.8)
EPSS
Связанные уязвимости
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
EPSS