Rubysec

Providing security resources for the Ruby community.
Follow us @rubysec or email us via info at rubysec.com

Advisory Archive


---
gem: yajl-ruby
date: 2017-11-03
url: https://nvd.nist.gov/vuln/detail/CVE-2017-16516
cve: 2017-16516
title: Flaw in yajl-ruby gem may cause a DoS
description: |
  In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to
  Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the
  yajl_string_decode function in yajl_encode.c. This results in the whole ruby
  process terminating and potentially a denial of service.
patched_versions:
- ">= 1.3.1"
related:
  url: '["https://github.com/brianmario/yajl-ruby/issues/176"]'