Headline

CVE-2023-33460: memory leak in yajl_tree_parse function. · Issue #250 · lloyd/yajl

There is a memory leak in yajl 2.1.0 when the yajl_tree_parse function is used, which can drive a server out of memory and crash it.

Tags: CVE, #linux, #c++

There is a memory leak in the yajl_tree_parse function.
Reproduce steps:
1. Compile yajl with ASan: cmake . -DCMAKE_C_COMPILER=gcc -DCMAKE_C_FLAGS="-fsanitize=address -g"
2. example/parse_config.c
3. Crash input: {"@\\\n\\\\"

==1696156==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 24 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff767d867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x555555561953 in context_push ./yajl/src/yajl_tree.c:117
    #2 0x555555563380 in handle_start_map ./yajl/src/yajl_tree.c:339
    #3 0x55555556d903 in yajl_do_parse ./yajl/src/yajl_parser.c:269
    #4 0x555555564f57 in yajl_parse ./yajl/src/yajl.c:130
    #5 0x5555555639c5 in yajl_tree_parse ./yajl/src/yajl_tree.c:435
    #6 0x555555560eeb in main parse_config.c:26
Indirect leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff767d867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x555555561424 in value_alloc ./yajl/src/yajl_tree.c:63
    #2 0x55555556322f in handle_start_map ./yajl/src/yajl_tree.c:331
    #3 0x55555556d903 in yajl_do_parse ./yajl/src/yajl_parser.c:269
    #4 0x555555564f57 in yajl_parse ./yajl/src/yajl.c:130
    #5 0x5555555639c5 in yajl_tree_parse ./yajl/src/yajl_tree.c:435
    #6 0x555555560eeb in main parse_config.c:26
Indirect leak of 9 byte(s) in 1 object(s) allocated from:
    #0 0x7ffff767d867 in __interceptor_malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:145
    #1 0x555555562907 in handle_string ./yajl/src/yajl_tree.c:280
    #2 0x55555556f9a3 in yajl_do_parse ./yajl/src/yajl_parser.c:399
    #3 0x555555564f57 in yajl_parse ./yajl/src/yajl.c:130
    #4 0x5555555639c5 in yajl_tree_parse ./yajl/src/yajl_tree.c:435
    #5 0x555555560eeb in main parse_config.c:26
SUMMARY: AddressSanitizer: 73 byte(s) leaked in 3 allocation(s).

This may cause a crash and DoS for those who use our lib.
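
Worked example, added by the editor and not part of the issue or of yajl's source: a small C model of the tree-builder pattern behind yajl_tree_parse (a stack of partially built containers, filled by start-map, end-map and string callbacks) with a switch that either abandons the stack on a parse error, which is the leak the LeakSanitizer report above shows, or unwinds and frees it, which is the shape of the fix. The value and frame types, the callback names, the simplified lexer and the instrumented allocator are the example's own, not yajl's; the inputs are constructed here, including a C literal for the issue's crash input.

```c
#include <stdlib.h>
#include <string.h>

/* Instrumented allocator: counts outstanding allocations (what LeakSanitizer reported). */
static long live_allocs = 0;
static void *xmalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* A value is a string (str set) or a map (children list); key is its name in the parent. */
typedef struct value { char *str, *key; struct value *children, *next; } value_t;
static value_t *value_new(void) { value_t *v = xmalloc(sizeof *v); if (v) memset(v, 0, sizeof *v); return v; }
/* One frame per container still being built: the analogue of the context stack
 * that context_push/context_pop manage in yajl_tree.c. */
typedef struct frame { value_t *val; char *pending_key; struct frame *next; } frame_t;
typedef struct { frame_t *stack; value_t *root; } ctx_t;
static void tree_free(value_t *v) {
    if (!v) return;
    for (value_t *c = v->children; c; ) { value_t *n = c->next; tree_free(c); c = n; }
    xfree(v->key); xfree(v->str); xfree(v);
}
/* Lex a JSON string at *pp (the opening quote): returns an owned decoded copy, or
 * NULL if the string is unterminated or carries an invalid escape. */
static char *lex_string(const char **pp) {
    const char *p = *pp + 1; size_t n = 0;
    char *out = xmalloc(strlen(p) + 1);   /* decoded text is never longer than the input */
    if (!out) return NULL;
    for (; *p != '"'; p++) {
        if (*p == '\0') { xfree(out); return NULL; }            /* unterminated */
        if (*p != '\\') { out[n++] = *p; continue; }
        switch (*++p) {
        case '"': case '\\': out[n++] = *p; break;
        case 'n': out[n++] = '\n'; break;
        default: xfree(out); return NULL;   /* bad escape, or input ends mid-escape */
        }
    }
    out[n] = '\0';
    *pp = p + 1;
    return out;
}
/* Hand a finished value to the map on top of the stack, or make it the root. */
static int attach(ctx_t *c, value_t *v) {
    frame_t *top = c->stack;
    if (!top) { if (c->root) { tree_free(v); return 0; } c->root = v; return 1; }
    if (!top->pending_key) { tree_free(v); return 0; }       /* value without a key */
    v->key = top->pending_key; top->pending_key = NULL;
    v->next = top->val->children; top->val->children = v;
    return 1;
}
static int handle_start_map(ctx_t *c) {
    value_t *v = value_new(); frame_t *f = xmalloc(sizeof *f);
    if (!v || !f) { xfree(v); xfree(f); return 0; }
    f->val = v; f->pending_key = NULL; f->next = c->stack; c->stack = f;
    return 1;
}
static int handle_end_map(ctx_t *c) {
    frame_t *f = c->stack;
    if (!f || f->pending_key) return 0;       /* stray '}' or key without a value */
    value_t *v = f->val; c->stack = f->next; xfree(f);
    return attach(c, v);
}
static int handle_string(ctx_t *c, char *s) {
    if (c->stack && !c->stack->pending_key) { c->stack->pending_key = s; return 1; }
    value_t *v = value_new();
    if (!v) { xfree(s); return 0; }
    v->str = s;
    return attach(c, v);
}

/* The tree builder. drain_on_error == 0 reproduces the leak: on a parse error the frames,
 * with the containers and keys they own, are abandoned. With 1 they are freed first. */
static value_t *tree_parse(const char *in, int drain_on_error) {
    ctx_t c = { NULL, NULL };
    const char *p = in; int ok = 1;
    while (ok && *p) {
        switch (*p) {
        case '{': ok = handle_start_map(&c); p++; break;
        case '}': ok = handle_end_map(&c); p++; break;
        case '"': { char *s = lex_string(&p); ok = s ? handle_string(&c, s) : 0; break; }
        case ':': case ',': case ' ': case '\n': p++; break;
        default: ok = 0;                                        /* unexpected byte */
        }
    }
    if (ok && c.stack) ok = 0;    /* input ended inside a container: the issue's case */
    if (ok) return c.root;
    if (!drain_on_error) return NULL;           /* the leak: frames are never unwound */
    while (c.stack) {                           /* the fix: pop and free every frame */
        frame_t *f = c.stack; c.stack = f->next;
        xfree(f->pending_key); tree_free(f->val); xfree(f);
    }
    tree_free(c.root);
    return NULL;
}

/* Parse, free whatever came back, and report how many allocations were left behind. */
static long leaked_allocs(const char *in, int drain_on_error) {
    long before = live_allocs;
    tree_free(tree_parse(in, drain_on_error));
    return live_allocs - before;
}
/* Constructed from the issue's crash input (the characters {"@\\\n\\\\" ): a map
 * whose first key parses cleanly but which is never closed. */
static const char *CRASH_INPUT = "{\"@\\\\\\n\\\\\\\\\"";
```

Calling leaked_allocs(CRASH_INPUT, 0) reports three abandoned allocations, the same shape as the report above (the frame, the map it builds, and the decoded key string); leaked_allocs(CRASH_INPUT, 1) reports none. A main that makes the first call and exits, built with -fsanitize=address, produces a LeakSanitizer report of the same form without the instrumented counter. The check to carry over to any yajl-style builder: every path by which the tree-parse entry point returns NULL must pop and free whatever context_push left on the stack, a pending key included, before it returns.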

Related news

Red Hat Security Advisory 2024-2580-03

Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.

Red Hat Security Advisory 2024-2063-03

Red Hat Security Advisory 2024-2063-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, integer overflow, and memory leak vulnerabilities.

Ubuntu Security Notice USN-6233-2

Ubuntu Security Notice 6233-2 - USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service.

Ubuntu Security Notice USN-6233-1

Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.
