Description
There is a memory leak in yajl 2.1.0 when the yajl_tree_parse function is used, which will cause an out-of-memory condition on the server and cause a crash.
A flaw was found in the yajl library, which exists due to a memory leak within the yajl_tree_parse() function. This flaw allows a remote attacker to parse malicious JSON input to cause out-of-memory in the server, causing a crash, resulting in a denial of service attack.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | yajl | Not affected | | |
Red Hat Enterprise Linux 7 | yajl | Out of support scope | | |
Red Hat Enterprise Linux 8 | libreoffice:flatpak/yajl | Will not fix | | |
Red Hat Enterprise Linux 8 | yajl | Fixed | RHSA-2023:7057 | 14.11.2023 |
Red Hat Enterprise Linux 8.6 Extended Update Support | yajl | Fixed | RHSA-2024:2063 | 25.04.2024 |
Red Hat Enterprise Linux 8.8 Extended Update Support | yajl | Fixed | RHSA-2024:2580 | 30.04.2024 |
Red Hat Enterprise Linux 9 | yajl | Fixed | RHSA-2023:6551 | 07.11.2023 |
Additional information
Status:
EPSS
6.5 Medium
CVSS3