Published: 03/11/2017 Updated: 05/08/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
yajl-ruby project yajl-ruby 1.3.0
debian debian linux 7.0

Debian Bug report logs - #880691 ruby-yajl: CVE-2017-16516 Package: src:ruby-yajl; Maintainer for src:ruby-yajl is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 3 Nov 2017 21:24:01 UTC Severity: important Tags: p ...

In the yajl-ruby gem 130 for Ruby, when a crafted JSON file is supplied to Yajl::Parsernewparse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encodec This results in the whole ruby process terminating and potentially a denial of service ...

CWE-134 https://rubygems.org/gems/yajl-ruby https://github.com/brianmario/yajl-ruby/issues/176 https://lists.debian.org/debian-lts-announce/2017/11/msg00010.html https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880691 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-16516

CVE-2017-16516

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect