CVE-2023-33460 — Missing Release of Memory after Effective Lifetime in Ruby-yajl

CWE-401 — Missing Release of Memory after Effective Lifetime10 documents7 sources

Severity

6.5MEDIUMNVD

OSV7.5

EPSS

0.1%

top 69.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Yajl Project Yajl Debian Epics-base Debian R-cran-jsonlite +13 more

Timeline

PublishedJun 6

Latest updateDec 14

Description

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages15 packages

▶debiandebian/yajl< r-cran-jsonlite 1.8.8+dfsg-1 (forky)

▶debiandebian/ruby-yajl< r-cran-jsonlite 1.8.8+dfsg-1 (forky)

▶Debianyajl_project/yajl< 2.1.0-3+deb11u2+3

▶NVDyajl_project/yajl2.1.0

▶msrcmsrc/cm1_yajl_2.1.0-18_on_cbl_mariner_1.0

Also affects: Debian Linux 10.0, Fedora 37, 38

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

yajl vulnerabilities↗2023-12-14

▶

OSV

yajl vulnerabilities↗2023-07-18

▶

GHSA

GHSA-cqgm-m7h3-xgwm: There's a memory leak in yajl 2↗2023-06-06

▶

OSV

CVE-2023-33460: There's a memory leak in yajl 2↗2023-06-06

▶

📋Vendor Advisories

Ubuntu

YAJL vulnerabilities↗2023-12-14

▶

Ubuntu

YAJL vulnerabilities↗2023-07-18

▶

Microsoft

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.↗2023-06-13

▶

Red Hat

yajl: Memory leak in yajl_tree_parse function↗2023-06-06

▶

Debian

CVE-2023-33460: epics-base - There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which ...↗2023

▶