CVE-2023-33460

Description

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

How to fix CVE-2023-33460

To remediate CVE-2023-33460, upgrade the affected package to a fixed version below.

• Alpine/yajl—upgrade to 2.1.0-r9 or later
• Debian/r-cran-jsonlite—no fix listed
• —upgrade to 2.1.0-3+deb11u2 or later
• —upgrade to 2.1.0-3+deb10u1 or later

Is CVE-2023-33460 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

• from 0, < 2.1.0-r9
• from 0
• from 0, < 2.1.0-3+deb11u2
• from 0, < 2.1.0-3+deb10u1

CVSS scores

References (2)

• ADVISORYsecurity.alpinelinux.org/vuln/CVE-2023-33460
• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2023-33460