Headline
CVE-2017-16516: yajl-ruby | RubyGems.org | your community gem host
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
RubyGems.org is the Ruby community’s gem hosting service. Instantly publish your gems and then install them. Use the API to find out more about available gems. Become a contributor and improve the site yourself.
RubyGems.org is made possible through a partnership with the greater Ruby community. Fastly provides bandwidth and CDN support, Ruby Central covers infrastructure costs, and funds ongoing development and ops work. Learn more about our sponsors and how they work together.
We need your help to fund the developer time that keeps RubyGems.org running smoothly for everyone. Join Ruby Central today.
Related news
Ubuntu Security Notice 6233-2 - USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service .
Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.