{"id":"CVE-2017-16516","details":"In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the yajl_string_decode function in yajl_encode.c. This results in the whole ruby process terminating and potentially a denial of service.","aliases":["GHSA-wwh7-4jw9-33x6"],"modified":"2026-03-15T14:26:45.178518Z","published":"2017-11-03T15:29:00.233Z","related":["MGASA-2024-0066"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00010.html"},{"type":"ADVISORY","url":"https://rubygems.org/gems/yajl-ruby"},{"type":"EVIDENCE","url":"https://github.com/brianmario/yajl-ruby/issues/176"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/brianmario/yajl-ruby","events":[{"introduced":"0"},{"last_affected":"35cf1c23efbf946785d3210b610783fedde51321"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.3.0"}]}}],"versions":["0.1.0","0.2.0","0.2.1","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.4.0","0.4.1","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","1.0.0","1.1.0","1.2.0","1.2.1","1.3.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-16516.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}