yajl-2.1.0-11.el8
エラータID: AXSA:2022-4173:02
リリース日:
2022/11/28 Monday - 07:36
題名:
yajl-2.1.0-11.el8
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- yajl-ruby の yajl_buf.c には、ヒープバッファ
オーバーフローの問題があるため、リモートの攻撃者により、
2GByte 以上のデータの入力を介して、メモリ破壊や任意の
コード実行を可能とする脆弱性が存在します。
(CVE-2022-24795)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
追加情報:
N/A
ダウンロード:
SRPMS
- yajl-2.1.0-11.el8.src.rpm
MD5: 0b07df9a8dcfe63cd49793c13164bf62
SHA-256: 0e54a19cd3a210e32f3025884d6cd46eab808eccc95d26eca8cf9e741111db18
Size: 96.25 kB
Asianux Server 8 for x86_64
- yajl-2.1.0-11.el8.x86_64.rpm
MD5: 47f32b60b087cc86c090e05f8a4cf45d
SHA-256: ca81ff0e96cf97219a48a971d6d1597a52d77139244a725355638117a9f804e8
Size: 39.66 kB - yajl-devel-2.1.0-11.el8.x86_64.rpm
MD5: 3591467e8156c8452f9580869038f67c
SHA-256: ccea2560173006493cc09b06094b8a050503066753b4aad466029df20e8da6ad
Size: 18.00 kB - yajl-2.1.0-11.el8.i686.rpm
MD5: 67884daad34f649a06216679e8f684e7
SHA-256: 0e0fca711944479652fc3f86d94734f0a251e00f33e49c48d584a174abcb2c18
Size: 40.65 kB - yajl-devel-2.1.0-11.el8.i686.rpm
MD5: 5f102cd849620466ff7fcd11865a9688
SHA-256: ecfd19bf47fbb4697ecd1f243a6387c1ea7e7d82f93b9390b0718cb25480b632
Size: 18.03 kB
English