Search CVE reports


1 – 3 of 3 results


CVE-2023-33460

Low priority

Some fixes available 6 of 25

There's a memory leak in yajl 2.1.0 with use of the yajl_tree_parse function, which will cause out-of-memory in the server and cause a crash.

3 affected packages

argyll, r-cran-jsonlite, yajl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| argyll | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| r-cran-jsonlite | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| yajl | Not affected | Fixed | Fixed | Fixed | Fixed |

CVE-2022-24795

Medium priority

Some fixes available 6 of 93

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB)...

12 affected packages

argyll, burp, centreon-broker, collada2gltf, icinga2...

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
argyll Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
burp Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
centreon-broker Ignored
collada2gltf Not in release Needs evaluation Needs evaluation Needs evaluation
icinga2 Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
libbson Needs evaluation Needs evaluation
lnav Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
php-mongodb Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
r-cran-jsonlite Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
ruby-yajl Needs evaluation Needs evaluation Needs evaluation Needs evaluation Needs evaluation
tulip Not in release Needs evaluation Needs evaluation
yajl Not affected Fixed Fixed Fixed Fixed

CVE-2017-16516

Low priority

Some fixes available 6 of 18

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby...

2 affected packages

ruby-yajl, yajl

| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
| --- | --- | --- | --- | --- | --- |
| ruby-yajl | Not affected | Not affected | Not affected | Not affected | Vulnerable |
| yajl | Not affected | Fixed | Fixed | Fixed | Fixed |