CVE-2023-33460

Name
CVE-2023-33460
Description
There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause an out-of-memory condition on the server and cause a crash.
NVD Severity
medium

References

| Type | URI |
|---|---|
| MISC | https://github.com/lloyd/yajl/issues/250 |
| MLIST | https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html |
| MLIST | https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/ |
| Mailing List | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/ |
| MLIST | https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html |

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:yajl_project:yajl:2.1.0:*:*:*:*:*:*:* | yajl | == None | == 2.1.0 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| yajl | 3.18-main | 2.1.0-r6 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yajl | 3.17-main | 2.1.0-r5 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yajl | 3.16-main | 2.1.0-r4 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yajl | 3.15-main | 2.1.0-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yajl | edge-main | 2.1.0-r9 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| yajl | 3.20-main | 2.1.0-r9 | Natanael Copa <ncopa@alpinelinux.org> | fixed |
| yajl | 3.19-main | 2.1.0-r9 | Natanael Copa <ncopa@alpinelinux.org> | fixed |