Sha256: 20aca1ecd5b97d498431ac0d66f8e1c9e86ede22d309e643355bba751f408714

Contents?: true

Size: 572 Bytes

Versions: 3

Compression:

Stored size: 572 Bytes

Contents

---
gem: yajl-ruby
cve: 2017-16516
url: https://nvd.nist.gov/vuln/detail/CVE-2017-16516
title: Flaw in yajl-ruby gem may cause a DoS
date: 2017-11-03

description: |
  In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to
  Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the 
  yajl_string_decode function in yajl_encode.c. This results in the whole ruby 
  process terminating and potentially a denial of service.

patched_versions:
  - ">= 1.3.1"

related:
  url:
    - https://github.com/brianmario/yajl-ruby/issues/176

Version data entries

3 entries across 3 versions & 2 rubygems

Version Path
bundler-audit-0.7.0.1 data/ruby-advisory-db/gems/yajl-ruby/CVE-2017-16516.yml
bundler-budit-0.6.2 data/ruby-advisory-db/gems/yajl-ruby/CVE-2017-16516.yml
bundler-budit-0.6.1 data/ruby-advisory-db/gems/yajl-ruby/CVE-2017-16516.yml