CVE-2023-33460

Name
CVE-2023-33460
Description
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/lloyd/yajl/issues/250
MLIST https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html
MLIST https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/
MLIST https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:yajl_project:yajl:2.1.0:*:*:*:*:*:*:* yajl == None == 2.1.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
yajl edge-main 2.1.0-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
yajl 3.23-main 2.1.0-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
yajl 3.22-main 2.1.0-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
yajl 3.21-main 2.1.0-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
yajl 3.20-main 2.1.0-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
yajl 3.19-main 2.1.0-r9 Natanael Copa <ncopa@alpinelinux.org> fixed
yajl 3.18-main 2.1.0-r6 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable
yajl 3.17-main 2.1.0-r5 Natanael Copa <ncopa@alpinelinux.org> possibly vulnerable