Source: yajl
Severity: important
Tags: security upstream
X-Debbugs-Cc: Debian Security Team <t...@security.debian.org>
After preparing the LTS upload of yajl I've seen the following issues in the upstream github issue tracker:

CVE-2017-16516 [1] potential buffer overread: A JSON file can cause denial of service.

CVE-2022-24795 [2] potential integer overflow which can lead to subsequent heap memory corruption when dealing with large (~2GB) input

The upstream issue tracker also indicates that there might be other vulnerabilities (without CVEs or unknown CVEs), but I did not investigate further:

https://github.com/lloyd/yajl/issues/206 (double free)
https://github.com/lloyd/yajl/issues/204 (Uninitialized memory reads and out-of-bound)

It seems that the code is unmaintained upstream. It might be a good idea to evaluate if any of the forks are more active and whether Debian should move there.

Cheers,

-- tobi

[1] https://github.com/lloyd/yajl/issues/248
Potential fix: https://github.com/brianmario/yajl-ruby/commit/a8ca8f476655adaa187eedc60bdc770fff3c51ce

[2] https://github.com/lloyd/yajl/issues/239
Potential fix (however the use of abort() can cause issues.)
https://github.com/lloyd/yajl/pull/240

-- System Information:
Debian Release: 12.0
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'oldstable-security'), (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 'oldstable'), (100, 'bullseye-fasttrack'), (100, 'bullseye-backports-staging'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.1.0-9-amd64 (SMP w/12 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
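The second issue in the report (an integer overflow in buffer growth that ends in heap corruption on ~2GB input, and a proposed fix that calls abort()) is the kind of bug that is easiest to reason about in a small reproduction. The following is an added example written for this page; it is not yajl's yajl_buf.c, not code from the report, and not from the linked pull request. It assumes a hypothetical growable buffer (growbuf_t) that doubles its capacity until a requested append fits, and it deliberately uses a 32-bit size type (bufsize_t) so the wrap-around reproduces on any host without allocating 2 GiB. grow_unchecked shows the arithmetic wrapping to a zero capacity; grow_checked refuses the growth instead, and growbuf_append turns that into an error return to the caller rather than an abort().

```c
#include <assert.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer written for this report (not yajl's own
 * yajl_buf.c). The size type is fixed at 32 bits so that the overflow on
 * ~2 GiB of buffered input reproduces regardless of the host's size_t. */
typedef uint32_t bufsize_t;

typedef struct {
    unsigned char *data;
    bufsize_t len;   /* allocated capacity */
    bufsize_t used;  /* bytes currently stored */
} growbuf_t;

#define GROWBUF_INIT_SIZE 2048u

/* Unchecked capacity calculation: keep doubling until `want` more bytes fit.
 * From a 2 GiB capacity, one more doubling wraps the 32-bit size to 0; a
 * realloc() to that size followed by memcpy() is the heap corruption. */
bufsize_t grow_unchecked(bufsize_t len, bufsize_t used, bufsize_t want)
{
    bufsize_t need = len;
    while (want >= need - used) {
        need <<= 1;
        if (need == 0)          /* only here so the demonstration terminates */
            break;
    }
    return need;
}

/* Checked variant: refuse to double past the size type instead of wrapping.
 * Returns 1 and stores the new capacity in *out, or 0 if growth is impossible. */
int grow_checked(bufsize_t len, bufsize_t used, bufsize_t want, bufsize_t *out)
{
    bufsize_t need = len;
    if (need == 0 || used > len)
        return 0;
    while (want >= need - used) {
        if (need > UINT32_MAX / 2)   /* the next doubling would overflow */
            return 0;
        need <<= 1;
    }
    *out = need;
    return 1;
}

/* Append that reports failure to the caller. A library should not abort()
 * on untrusted input sizes; the caller decides what to do with the error. */
int growbuf_append(growbuf_t *buf, const void *src, bufsize_t n)
{
    bufsize_t need;
    if (buf->data == NULL) {
        buf->data = malloc(GROWBUF_INIT_SIZE);
        if (buf->data == NULL)
            return 0;
        buf->len = GROWBUF_INIT_SIZE;
        buf->used = 0;
    }
    if (!grow_checked(buf->len, buf->used, n, &need))
        return 0;
    if (need != buf->len) {
        unsigned char *p = realloc(buf->data, need);
        if (p == NULL)
            return 0;
        buf->data = p;
        buf->len = need;
    }
    memcpy(buf->data + buf->used, src, n);
    buf->used += n;
    return 1;
}

int main(void)
{
    growbuf_t b = {0};
    bufsize_t cap = 0;
    /* Constructed input: 5000 bytes, forcing growth from 2048 to 8192. */
    unsigned char chunk[5000];
    memset(chunk, 'x', sizeof chunk);
    if (growbuf_append(&b, chunk, sizeof chunk))
        printf("append ok: used=%u len=%u\n", b.used, b.len);

    /* A 2 GiB buffer that is nearly full, with two more bytes requested. */
    printf("unchecked capacity: %u\n", grow_unchecked(0x80000000u, 0x7fffffffu, 2));
    printf("checked growth allowed: %d\n", grow_checked(0x80000000u, 0x7fffffffu, 2, &cap));
    free(b.data);
    return 0;
}
```

The doubling loop and the `want >= need - used` spare-byte convention are assumptions of this example, not a statement of what yajl does; the point is that any capacity arithmetic on an attacker-controlled size needs an explicit bound check before the multiply or shift, and that the failure should surface as a parser error rather than an abort().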