Debian Burp vulnerabilities

CVE-2022-24795 [MEDIUM] CVE-2022-24795: burp - yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.... yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x800

CVE-2017-16516 [HIGH] CVE-2017-16516: burp - In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yaj... In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service. Scope: local bookworm: open bullseye: open forky: resolved (fixed in 3.1.4-2) sid:

CVE-2017-18285 [HIGH] CVE-2017-18285: burp - The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership o... The Gentoo app-backup/burp package before 2.1.32 has incorrect group ownership of the /etc/burp directory, which might allow local users to obtain read and write access to arbitrary files by leveraging access to a certain account for a burp-server.conf change. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2017-18284 [HIGH] CVE-2017-18284: burp - The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID f... The Gentoo app-backup/burp package before 2.1.32 sets the ownership of the PID file directory to the burp account, which might allow local users to kill arbitrary processes by leveraging access to this account for PID file modification before a root script sends a SIGKILL. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved