How severe is CVE-2022-24795?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2022-24795?

This is classified as CWE-122, which is a common weakness in software security.

CVE-2022-24795

HIGH Year: 2022

CVSS v3 Score

7.5

High

CVSS v2 Score

5.0

Medium

Weakness Type

CWE-122

View all →

Vulnerability Description

yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.

CVE-2017-2591

HIGH

CVSS:7.5(High)

389-ds-base before version 1.3.6 is vulnerable to an improperly NULL terminated array in the uniqueness_entry_to_config() function in the "attribute uniqueness" plugin of 389 Directory Server. An auth...

CWE-1222017

CVE-2018-1089

HIGH

CVSS:7.5(High)

389-ds-base before versions 1.4.0.9, 1.3.8.1, 1.3.6.15 did not properly handle long search filters with characters needing escapes, possibly leading to buffer overflows. A remote, unauthenticated atta...

CWE-1222018

CVE-2018-1123

HIGH

CVSS:7.5(High)

procps-ng before version 3.3.15 is vulnerable to a denial of service in ps via mmap buffer overflow. Inbuilt protection in ps maps a guard page at the end of the overflowed buffer, ensuring that the i...

CWE-1222018

CVE-2018-14821

HIGH

CVSS:7.5(High)

Rockwell Automation RSLinx Classic Versions 4.00.01 and prior. This vulnerability may allow a remote, unauthenticated threat actor to intentionally send a malformed CIP packet to Port 44818, causing t...

CWE-1222018

CVE-2018-18981

HIGH

CVSS:7.5(High)

In Rockwell Automation FactoryTalk Services Platform 2.90 and earlier, a remote unauthenticated attacker could send numerous crafted packets to service ports resulting in memory consumption that could...

CWE-1222018

CVE-2018-19093

HIGH

CVSS:7.5(High)

An issue has been found in libIEC61850 v1.3. It is a SEGV in ControlObjectClient_setCommandTerminationHandler in client/client_control.c. NOTE: the software maintainer disputes this because it require...

CWE-1222018

CVE-2022-24795

Vulnerability Description

Related Vulnerabilities

CVE-2017-2591

CVE-2018-1089

CVE-2018-1123

CVE-2018-14821

CVE-2018-18981

CVE-2018-19093