CVE-2017-16516: Denial of Service via SIGABRT
In the yajl-ruby gem for Ruby, when a crafted JSON file is supplied to `Yajl::Parser.new.parse`, the whole Ruby process crashes with a SIGABRT in the `yajl_string_decode` function in `yajl_encode.c`. This results in the whole Ruby process terminating and potentially a denial of service.
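One way to contain this failure mode, as an added example that is not code from yajl-ruby or from this advisory: an abort in native code cannot be caught with `rescue`, so untrusted JSON is parsed in a forked child and the parent inspects how the child ended. `parse_isolated` and `ABORTING_PARSER` are hypothetical names; the default parser is stdlib JSON so the block runs without the gem, and the abort is simulated rather than triggered by crafted input.

```ruby
require "json"

# Hypothetical helper, not part of yajl-ruby. Runs `parser` (any callable that
# takes a String) in a forked child so an abort() inside a native extension
# terminates the child instead of the calling process.
# Assumption: with yajl-ruby installed you would pass
#   parser: ->(s) { Yajl::Parser.new.parse(s) }
def parse_isolated(input, parser: ->(s) { JSON.parse(s) })
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    reply =
      begin
        { "status" => "ok", "value" => parser.call(input) }
      rescue StandardError => e
        { "status" => "parse_error", "message" => e.class.name }
      end
    # Results cross the pipe as JSON, not Marshal: the parent should not
    # deserialize arbitrary objects from a process that handled hostile input.
    writer.write(JSON.generate(reply))
    writer.close
    exit!(0) # skip at_exit handlers inherited from the parent
  end
  writer.close
  body = reader.read # drain before waiting so a large reply cannot deadlock
  reader.close
  _, status = Process.wait2(pid)

  if status.signaled?
    # A rescue block never sees this case: the child was killed by a signal.
    return { "status" => "crashed", "signal" => Signal.signame(status.termsig) }
  end
  return { "status" => "crashed", "signal" => nil } if !status.success? || body.empty?

  JSON.parse(body)
end

# Constructed stand-in for the native crash: kills the current process with
# SIGABRT, as a failed C assertion would. It is not the CVE trigger.
ABORTING_PARSER = lambda do |_input|
  Process.kill("ABRT", Process.pid)
  sleep 5 # only reached if signal delivery is delayed
end

if __FILE__ == $PROGRAM_NAME
  p parse_isolated('{"a": [1, 2]}')
  p parse_isolated("anything", parser: ABORTING_PARSER)
end
```

A `crashed` result is worth logging together with a hash of the input, since repeated aborts on attacker-supplied documents are the denial-of-service pattern described above.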