yajl-2.1.0-21.el9
エラータID: AXSA:2022-4468:03
リリース日:
2022/12/20 Tuesday - 11:16
題名:
yajl-2.1.0-21.el9
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
以下項目について対処しました。
[Security Fix]
- yajl-ruby の yajl_buf.c には、ヒープバッファオーバーフローの問題
があるため、リモートの攻撃者により、2GByte 以上のデータの入力
を介して、メモリ破壊や任意のコード実行を可能とする脆弱性が存在
します。(CVE-2022-24795)
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2022-24795
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
追加情報:
N/A
ダウンロード:
SRPMS
- yajl-2.1.0-21.el9.src.rpm
MD5: 548b80914572f08b0e4c5ea0e1f50479
SHA-256: 54824147ec9ace8a0c11d8a7f71125541aed772270c4fabc75fc7742b53cdbd1
Size: 94.99 kB
Asianux Server 9 for x86_64
- yajl-2.1.0-21.el9.x86_64.rpm
MD5: 41fffd27402a66a3727be3132c7f9d48
SHA-256: c2fe92a09befcb865953c52bc08f61e9bb46bbd74b4bd04f9bdd712b483145b5
Size: 37.27 kB - yajl-devel-2.1.0-21.el9.x86_64.rpm
MD5: e61acd07fc399934975c5b1f07e5111b
SHA-256: 115db6f682a9c1edfa4f2e320f6fdcf29cbe6ebb4ea28fbffec596dca003a469
Size: 16.01 kB - yajl-2.1.0-21.el9.i686.rpm
MD5: 4faabcceef8ec6fb1c142f87c05dad0f
SHA-256: 7d14ced41fa04d88ad4226456418bb8b4a1f1a5afae2dea3dcc46f0534ba8e7c
Size: 38.27 kB - yajl-devel-2.1.0-21.el9.i686.rpm
MD5: f52e5f2fc7a6674125141ff6a89ac408
SHA-256: 127996101f644a6aada6c60ab2707c76974839543bb6180b08c276686486c3a4
Size: 16.02 kB
English