Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
rubygemsRubySecRUBY:YAJL-RUBY-2022-24795
HistoryApr 04, 2022 - 9:00 p.m.

Reallocation bug can trigger heap memory corruption

2022-04-0421:00:00
RubySec
github.com
10
reallocation bug
heap memory corruption
yajl
integer overflow
32bit platforms
buffer size
vulnerability
process availability
arbitrary code execution
patched
workarounds
large inputs

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON

The 1.x branch and the 2.x branch of yajl
contain an integer overflow which leads to subsequent heap memory corruption
when dealing with large (~2GB) inputs.

Details

The reallocation logic at yajl_buf.c#L64
may result in the need 32bit integer wrapping to 0 when need approaches
a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation
of buf->alloc into a small heap chunk.

These integers are declared as size_t in the 2.x branch of yajl, which
practically prevents the issue from triggering on 64bit platforms, however
this does not preclude this issue triggering on 32bit builds on which
size_t is a 32bit integer.

Subsequent population of this under-allocated heap chunk is based on the
original buffer size, leading to heap memory corruption.

Impact

We rate this as a moderate severity vulnerability which mostly impacts
process availability as we believe exploitation for arbitrary code
execution to be unlikely.

Patches

Patched in yajl-ruby 1.4.2

Workarounds

Avoid passing large inputs to YAJL

Affected configurations

Vulners
Node
rubyyajl-rubyRange≤1.4.2
VendorProductVersionCPE
rubyyajl-ruby*cpe:2.3:a:ruby:yajl-ruby:*:*:*:*:*:*:*:*

Related

osv 10
nessus 38
amazon 1
oraclelinux 2
debiancve 1
openvas 24
almalinux 2
redhat 11
github 1
redhatcve 1
prion 1
rocky 2
ubuntucve 1
cbl_mariner 3
cve 1
suse 1
cvelist 1
veracode 1
nvd 1
fedora 2
debian 2
ubuntu 2
photon 2
ibm 1
osv
osv
CVE-2022-24795
2022-04-05 16:15:14
Moderate: yajl security update
2022-11-08 00:00:00
Moderate: yajl security update
2022-11-08 06:21:57
nessus
nessus
EulerOS Virtualization 2.9.1 : yajl (EulerOS-SA-2023-1210)
2023-01-10 00:00:00
SUSE SLED15 / SLES15 Security Update : libyajl (SUSE-SU-2022:3162-1)
2022-09-09 00:00:00
Oracle Linux 8 : yajl (ELSA-2022-7524)
2022-11-16 00:00:00
amazon
amazon
Medium: yajl
2023-06-21 19:11:00
oraclelinux
oraclelinux
yajl security update
2022-11-22 00:00:00
yajl security update
2022-11-15 00:00:00
debiancve
debiancve
CVE-2022-24795
2022-04-05 16:15:14
openvas
openvas
openSUSE: Security Advisory for libyajl (SUSE-SU-2022:3162-1)
2022-09-08 00:00:00
Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2022-1776)
2022-05-25 00:00:00
Huawei EulerOS: Security Advisory for yajl (EulerOS-SA-2023-1181)
2023-01-12 00:00:00
almalinux
almalinux
Moderate: yajl security update
2022-11-15 00:00:00
Moderate: yajl security update
2022-11-08 00:00:00
redhat
redhat
(RHSA-2022:7524) Moderate: yajl security update
2022-11-08 06:21:57
(RHSA-2022:8252) Moderate: yajl security update
2022-11-15 06:19:32
(RHSA-2024:2063) Moderate: yajl security update
2024-04-25 14:45:06
github
github
Buffer Overflow in yajl-ruby
2022-04-05 15:55:51
redhatcve
redhatcve
CVE-2022-24795
2022-04-07 09:54:18
prion
prion
Integer overflow
2022-04-05 16:15:00
rocky
rocky
yajl security update
2022-11-15 06:19:32
yajl security update
2022-11-08 06:21:57
ubuntucve
ubuntucve
CVE-2022-24795
2022-04-05 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-24795 affecting package rubygem-yajl-ruby 1.4.1-1
2022-05-12 02:16:39
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.3.1-2
2022-09-16 06:05:31
CVE-2022-24795 affecting package rubygem-yajl-ruby for versions less than 1.4.3-1
2024-07-24 01:52:07
cve
cve
CVE-2022-24795
2022-04-05 16:15:14
suse
suse
Security update for libyajl (moderate)
2022-09-07 00:00:00
cvelist
cvelist
CVE-2022-24795 Buffer Overflow and Integer Overflow in yajl-ruby
2022-04-05 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-06 03:42:26
nvd
nvd
CVE-2022-24795
2022-04-05 16:15:14
fedora
fedora
[SECURITY] Fedora 38 Update: yajl-2.1.0-21.fc38
2023-07-16 01:27:03
[SECURITY] Fedora 37 Update: yajl-2.1.0-21.fc37
2023-07-27 02:05:39
debian
debian
[SECURITY] [DLA 3492-1] yajl security update
2023-07-11 17:48:41
[SECURITY] [DLA 3516-1] burp security update
2023-08-05 15:23:20
ubuntu
ubuntu
YAJL vulnerabilities
2023-07-18 00:00:00
YAJL vulnerabilities
2023-12-14 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0399
2022-06-03 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0399
2022-06-03 00:00:00
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
2024-02-28 21:30:18

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

JSON
Related for RUBY:YAJL-RUBY-2022-24795
osv10nessus38amazon1oraclelinux2debiancve1openvas24almalinux2redhat11github1redhatcve1prion1rocky2ubuntucve1cbl_mariner3cve1suse1cvelist1veracode1nvd1fedora2debian2ubuntu2photon2ibm1