CVE-2023-33460

Published: 6 June 2023

There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

Notes

Author	Note
alexmurray	argyll and r-cran-jsonlite appear to vendor a copy of yajl
mdeslaur	as of 2023-06-07, there is no fix available from the upstream yajl project

6.5

Package	Release	Status
yajl Launchpad, Ubuntu, Debian	focal	Needed
	jammy	Needed
	kinetic	Ignored (end of life, was needed)
	lunar	Needed
	trusty	Released (2.0.4-4ubuntu0.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	xenial	Released (2.1.0-2ubuntu0.16.04.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	bionic	Released (2.1.0-2ubuntu0.18.04.1~esm1) Available with Ubuntu Pro or Ubuntu Pro (Infra-only)
	upstream	Released (2.1.0-3+deb10u2)
	Patches: other: https://github.com/openEuler-BaseService/yajl/commit/3d65cb0c6db4d433e5e42ee7d91d8a04e21337cf other: https://github.com/openEuler-BaseService/yajl/commit/23a122eddaa28165a6c219000adcc31ff9a8a698
argyll Launchpad, Ubuntu, Debian	trusty	Ignored (end of standard support)
	xenial	Needs triage
	bionic	Needs triage
	focal	Needs triage
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Needs triage
	upstream	Needs triage
r-cran-jsonlite Launchpad, Ubuntu, Debian	trusty	Ignored (end of standard support)
	xenial	Needs triage
	bionic	Needs triage
	focal	Needs triage
	jammy	Needs triage
	kinetic	Ignored (end of life, was needs-triage)
	lunar	Needs triage
	upstream	Needs triage

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.