6.5
CVE-2023-33460
- EPSS 1.13%
- Veröffentlicht 06.06.2023 12:15:09
- Zuletzt bearbeitet 08.01.2025 17:15:12
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Yajl Project ≫ Yajl Version2.1.0
Fedoraproject ≫ Fedora Version37
Fedoraproject ≫ Fedora Version38
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.13% | 0.621 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/
https://github.com/lloyd/yajl/issues/250
https://lists.debian.org/debian-lts-announce/2023/07/msg00000.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IBUUHG27RM4ROEYKMVRROR27AX6R63MB/