{"id":"CVE-2022-24795","summary":"Buffer Overflow and Integer Overflow in yajl-ruby","details":"yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf-\u003ealloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.","aliases":["GHSA-jj47-x69x-mxrm"],"modified":"2026-04-02T07:52:02.845437Z","published":"2022-04-05T00:00:00Z","related":["ALSA-2022:7524","ALSA-2022:8252","SUSE-SU-2022:1746-1","SUSE-SU-2022:1918-1","SUSE-SU-2022:3162-1","openSUSE-SU-2024:12258-1"],"database_specific":{"cna_assigner":"GitHub_M","cwe_ids":["CWE-122","CWE-190"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24795.json"},"references":[{"type":"WEB","url":"https://github.com/brianmario/yajl-ruby/blob/7168bd79b888900aa94523301126f968a93eb3a6/ext/yajl/yajl_buf.c#L64"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/24xxx/CVE-2022-24795.json"},{"type":"ADVISORY","url":"https://github.com/brianmario/yajl-ruby/security/advisories/GHSA-jj47-x69x-mxrm"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KLE3C4CECEJ4EUYI56KXI6OWACWXX7WN/"},{"type":"ADVISORY","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YO32YDJ74DADC7CMJNLSLBVWN5EXGF5J/"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-24795"},{"type":"FIX","url":"https://github.com/brianmario/yajl-ruby/commit/7168bd79b888900aa94523301126f968a93eb3a6"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00013.html"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2023/08/msg00003.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/brianmario/yajl-ruby","events":[{"introduced":"0"},{"fixed":"7168bd79b888900aa94523301126f968a93eb3a6"}]},{"type":"GIT","repo":"https://github.com/brianmario/yajl-ruby","events":[{"introduced":"0"},{"fixed":"7168bd79b888900aa94523301126f968a93eb3a6"}]}],"versions":["0.1.0","0.2.0","0.2.1","0.3.0","0.3.1","0.3.2","0.3.3","0.3.4","0.4.0","0.4.1","0.4.2","0.4.3","0.4.4","0.4.5","0.4.6","0.4.7","0.4.8","0.4.9","0.5.0","0.5.1","0.5.10","0.5.11","0.5.12","0.5.2","0.5.3","0.5.4","0.5.5","0.5.6","0.5.7","0.5.8","0.5.9","0.6.0","0.6.1","0.6.2","0.6.3","0.6.4","0.6.5","0.6.6","0.6.7","0.6.8","0.6.9","0.7.0","0.7.1","0.7.2","0.7.3","0.7.4","0.7.5","0.7.6","0.7.7","0.7.8","0.7.9","0.8.0","0.8.1","0.8.2","0.8.3","1.0.0","1.1.0","1.2.0","1.2.1","1.2.2","1.2.3","1.3.0","1.3.1","1.4.0","1.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-24795.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}