Description
In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.
References (5)
Core 5
Core References
Exploit, Third Party Advisory
https://github.com/brianmario/yajl-ruby/issues/176
Third Party Advisory
https://rubygems.org/gems/yajl-ruby
Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2017/11/msg00010.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html
Mailing List mailing-list
https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html
Scores
CVSS v3
7.5
EPSS
0.0377
EPSS Percentile
88.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-134
Status
published
Products (3)
debian/debian_linux
7.0
rubygems/yajl-ruby
0 - 1.3.1RubyGems
yajl-ruby_project/yajl-ruby
1.3.0
Published
Nov 03, 2017
Tracked Since
Feb 18, 2026