Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5
CVSSv2

CVE-2022-24795

Published: 05/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Subscribe to Yajl-ruby

Vulnerability Summary

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

yajl-ruby project yajl-ruby

Vendor Advisories

Debian CVElist Bug Report Logs: ruby-yajl: CVE-2022-24795
Debian Bug report logs - #1014803 ruby-yajl: CVE-2022-24795 Package: src:ruby-yajl; Maintainer for src:ruby-yajl is Debian Ruby Team <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Tue, 12 Jul 2022 09:15:05 UTC Severity: grave Tags: security Reply or ...
Red Hat: Moderate: yajl security update
Synopsis Moderate: yajl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for yajl is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as having a security ...
Red Hat: Moderate: yajl security update
Synopsis Moderate: yajl security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for yajl is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as having a security ...
Red Hat: Important: OpenShift Virtualization 4.12.0 Images security update
Synopsis Important: OpenShift Virtualization 4120 Images security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Virtualization release 412 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Red Hat: Moderate: OpenShift Virtualization 4.11.1 security and bug fix update
Synopsis Moderate: OpenShift Virtualization 4111 security and bug fix update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Virtualization release 4111 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impac ...
Amazon Linux 2: ALAS2-2023-2101
yajl-ruby is a C binding to the YAJL JSON parsing and generation library The 1x branch and the 2x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs The reallocation logic at `yajl_bufc#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approach ...

References

CWE-190CWE-122https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrmhttps://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6https://lists.debian.org/debian-lts-announce/2023/07/msg00013.htmlhttps://lists.debian.org/debian-lts-announce/2023/08/msg00003.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014803https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2101.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook