yajl-ruby 0.6.7
Flaw in yajl-ruby gem may cause a DoS
high severity CVE-2017-16516>= 1.3.1
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
Reallocation bug can trigger heap memory corruption
medium severity CVE-2022-24795>= 1.4.2
The 1.x branch and the 2.x branch of yajl contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs.
Details
The reallocation logic at yajl_buf.c#L64
may result in the need
32bit integer wrapping to 0 when need
approaches
a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation
of buf->alloc into a small heap chunk.
These integers are declared as size_t
in the 2.x branch of yajl
, which
practically prevents the issue from triggering on 64bit platforms, however
this does not preclude this issue triggering on 32bit builds on which
size_t
is a 32bit integer.
Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption.
Impact
We rate this as a moderate severity vulnerability which mostly impacts process availability as we believe exploitation for arbitrary code execution to be unlikely.
Patches
Patched in yajl-ruby 1.4.2
Workarounds
Avoid passing large inputs to YAJL
No officially reported memory leakage issues detected.
This gem version does not have any officially reported memory leaked issues.
Gem version without a license.
Unless a license that specifies otherwise is included, nobody can use, copy, distribute, or modify this library without being at risk of take-downs, shake-downs, or litigation.
This gem version is available.
This gem version has not been yanked and is still available for usage.