All errata/sisyphus/ALT-PU-2023-1991-2
ALT-PU-2023-1991-2

Package update yajl in branch sisyphus

Version2.1.0-alt3
Task#322972
Published2026-02-04
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2023-07652
MEDIUM6.5

Уязвимость функции yajl_tree_parse библиотеки JSON YAJL-ruby, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2023-11-11Modified: 2025-11-19
CVSS 3.xMEDIUM 6.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C
References
CVE-2023-33460
MEDIUM6.5

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

Published: 2023-06-06Modified: 2025-01-08
CVSS 3.xMEDIUM 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
References