Security update for rubygem-yajl-ruby SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:1918-1 Final 1 1 2022-06-02T08:48:36Z current 2022-06-02T08:48:36Z 2022-06-02T08:48:36Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for rubygem-yajl-ruby This update for rubygem-yajl-ruby fixes the following issue: -CVE-2022-24795: Fixed a heap-based buffer overflow when handling large inputs due to an integer overflow (bsc#1198405) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2022-1918,SUSE-OpenStack-Cloud-Crowbar-8-2022-1918,SUSE-OpenStack-Cloud-Crowbar-9-2022-1918 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20221918-1/ Link for SUSE-SU-2022:1918-1 https://lists.suse.com/pipermail/sle-security-updates/2022-June/011222.html E-Mail link for SUSE-SU-2022:1918-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1198405 SUSE Bug 1198405 https://www.suse.com/security/cve/CVE-2022-24795/ SUSE CVE CVE-2022-24795 page SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 ruby2.1-rubygem-yajl-ruby-doc-1.3.1-4.6.1 ruby2.1-rubygem-yajl-ruby-testsuite-1.3.1-4.6.1 ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL. CVE-2022-24795 SUSE OpenStack Cloud Crowbar 8:ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 SUSE OpenStack Cloud Crowbar 9:ruby2.1-rubygem-yajl-ruby-1.3.1-4.6.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20221918-1/ https://www.suse.com/security/cve/CVE-2022-24795.html CVE-2022-24795 https://bugzilla.suse.com/1198405 SUSE Bug 1198405