Описание
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.3.1-1build1 |
| cosmic | not-affected | 1.3.1-1build1 |
| devel | not-affected | 1.3.1-1build1 |
| disco | not-affected | 1.3.1-1build1 |
| eoan | not-affected | 1.3.1-1build1 |
| esm-apps/bionic | not-affected | 1.3.1-1build1 |
| esm-apps/focal | not-affected | 1.3.1-1build1 |
| esm-apps/jammy | not-affected | 1.3.1-1build1 |
| esm-apps/noble | not-affected | 1.3.1-1build1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was deferred |
| cosmic | ignored | end of life |
| devel | not-affected | 2.1.0-5 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | released | 2.0.4-4ubuntu0.1~esm1 |
| esm-infra/bionic | released | 2.1.0-2ubuntu0.18.04.1~esm1 |
| esm-infra/focal | released | 2.1.0-3ubuntu0.20.04.1 |
| esm-infra/xenial | released | 2.1.0-2ubuntu0.16.04.1~esm1 |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is suppl ...
Уязвимость функции yajl_string_decode компонента yajl_encode.c библиотеки JSON YAJL-ruby, позволяющая нарушителю вызвать отказ в обслуживании
5 Medium
CVSS2
7.5 High
CVSS3