Red Hat Security Advisory 2024-2580-03 - An update for yajl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a memory leak vulnerability.
3cbbbe94260d433bbf0453d1c08e057a80bd9cda9267f8cb219291893c029e43
Ubuntu Security Notice 6233-2 - USN-6233-1 fixed vulnerabilities in YAJL. This update provides the corresponding updates for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 23.04. It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service .
1a79b120418384147adf55646f48f838ca04a6cd9e3d760d119309f406d0434a
Red Hat Security Advisory 2023-7057-01 - An update for yajl is now available for Red Hat Enterprise Linux 8. Issues addressed include a memory leak vulnerability.
f30c33ac99b2602702e4072df820cdb74c7dbfcf30e2c94bcc918b11713c38b0
Red Hat Security Advisory 2023-6551-01 - An update for yajl is now available for Red Hat Enterprise Linux 9. Issues addressed include a memory leak vulnerability.
623bd081c791673f21caed8805524f984b8a91c207d92d64625287c7dc3a3c9c
Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.
dc76af79630bbfeaaf462528d36963309713ef6633d5dd1d737257cd112afad5