Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-16516

Опубликовано: 02 нояб. 2017
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Toolsrubygem-yajl-rubyWill not fix
Red Hat OpenShift Enterprise 3rubygem-yajl-rubyNot affected
Red Hat OpenStack Platform 10 (Newton) Operational Toolsrubygem-yajl-rubyWill not fix
Red Hat OpenStack Platform 11 (Ocata) Operational Toolsrubygem-yajl-rubyWill not fix
Red Hat OpenStack Platform 12 (Pike) Operational Toolsrubygem-yajl-rubyWill not fix
Red Hat OpenStack Platform 13 (Queens) Operational Toolsrubygem-yajl-rubyAffected
Red Hat OpenStack Platform 8 (Liberty) Operational Toolsrubygem-yajl-rubyWill not fix
Red Hat OpenStack Platform 9 (Mitaka) Operational Toolsrubygem-yajl-rubyWill not fix
Red Hat Virtualization 4rubygem-yajl-rubyWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1524439rubygem-yajl-ruby: Yajl:: Parser.new.parse incorrect parsing

EPSS

Процентиль: 81%
0.01553
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2017-16516

CVSS3: 7.5
ubuntu
больше 8 лет назад

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

nvd логотип

CVE-2017-16516

CVSS3: 7.5
nvd
больше 8 лет назад

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

debian логотип

CVE-2017-16516

CVSS3: 7.5
debian
больше 8 лет назад

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...

github логотип

GHSA-wwh7-4jw9-33x6

CVSS3: 7.5
github
около 8 лет назад

yajl-ruby gem Denial of Service vulnerability

fstec логотип

BDU:2023-07604

CVSS3: 7.5
fstec
больше 8 лет назад

Уязвимость функции yajl_string_decode компонента yajl_encode.c библиотеки JSON YAJL-ruby, позволяющая нарушителю вызвать отказ в обслуживании

EPSS

Процентиль: 81%
0.01553
Низкий

7.5 High

CVSS3