CVE-2024-25713: yyjson has a Double Free vulnerability
The pool series allocator (pool_malloc/pool_free/pool_realloc) in yyjson has a double free vulnerability, which can lead to an arbitrary address write and to denial of service (DoS). An arbitrary address write, combined with the ordinary operations of a program that uses this library, can be escalated to remote code execution.
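The advisory does not spell out why a double free in a pool allocator is more than a crash, so the following added example shows the general mechanism on a constructed toy allocator. It is not yyjson's pool allocator, not the code from the fix commit, and does not reproduce the exact yyjson trigger; the pool layout, the `pool_free_unchecked`/`pool_free_checked` functions and the `forged_target` address are all assumptions made for illustration. In a LIFO free-list pool the first word of a free chunk is the list link, so freeing the same chunk twice makes the list point at itself, two consecutive allocations alias, and user data written through one of them becomes the link the allocator follows next, turning the bug into an attacker-chosen pointer coming out of `pool_malloc`. The second half shows the check a practitioner would add to refuse the second free.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CHUNK_SIZE 32
#define NCHUNKS 8

/* A free chunk overlays its first word with the free-list link, as simple
 * LIFO pool allocators do; that overlay is what makes a double free exploitable. */
typedef struct chunk { struct chunk *next; } chunk_t;

typedef struct {
    uint8_t  mem[NCHUNKS * CHUNK_SIZE];
    chunk_t *free_list;
    bool     in_use[NCHUNKS];  /* bookkeeping consulted only by the checked free */
} pool_t;

static void pool_init(pool_t *p) {
    memset(p, 0, sizeof *p);
    for (int i = NCHUNKS - 1; i >= 0; i--) {   /* thread chunks 0..NCHUNKS-1 onto the list */
        chunk_t *c = (chunk_t *)(p->mem + (size_t)i * CHUNK_SIZE);
        c->next = p->free_list;
        p->free_list = c;
    }
}

/* Index of a chunk inside the pool, or -1 for a pointer that is not one of ours. */
static int chunk_index(const pool_t *p, const void *ptr) {
    uintptr_t base = (uintptr_t)p->mem, q = (uintptr_t)ptr;
    if (q < base || q >= base + sizeof p->mem) return -1;
    if ((q - base) % CHUNK_SIZE != 0) return -1;
    return (int)((q - base) / CHUNK_SIZE);
}

static void *pool_malloc(pool_t *p) {
    chunk_t *c = p->free_list;
    if (c == NULL) return NULL;
    p->free_list = c->next;            /* trusts whatever the chunk's first word holds */
    int i = chunk_index(p, c);
    if (i >= 0) p->in_use[i] = true;
    return c;
}

/* Vulnerable pattern: pushes the chunk onto the free list with no check at all. */
static void pool_free_unchecked(pool_t *p, void *ptr) {
    chunk_t *c = ptr;
    c->next = p->free_list;
    p->free_list = c;
}

/* Hardened pattern: reject foreign pointers and chunks that are not currently live. */
static bool pool_free_checked(pool_t *p, void *ptr) {
    int i = chunk_index(p, ptr);
    if (i < 0 || !p->in_use[i]) return false;   /* double free or bad pointer detected */
    p->in_use[i] = false;
    chunk_t *c = ptr;
    c->next = p->free_list;
    p->free_list = c;
    return true;
}

/* Constructed stand-in for an address outside the pool that an attacker wants
 * the allocator to hand out (zero-initialised, so its link reads as NULL). */
static union { chunk_t link; uint8_t bytes[CHUNK_SIZE]; } forged_target;

/* Free the same chunk twice, then show the free list has been hijacked:
 * returns true if pool_malloc eventually hands out &forged_target. */
static bool demo_double_free_hijack(void) {
    pool_t p;
    pool_init(&p);
    void *a = pool_malloc(&p);
    pool_free_unchecked(&p, a);
    pool_free_unchecked(&p, a);     /* double free: a->next now points at a itself */
    void *b = pool_malloc(&p);      /* returns a */
    void *c = pool_malloc(&p);      /* returns a again: b == c, list still heads at a */
    if (b != c) return false;
    /* Ordinary "user data" written through b lands on the free-list link of c. */
    ((chunk_t *)b)->next = &forged_target.link;
    (void)pool_malloc(&p);          /* returns a a third time and loads the forged link */
    void *e = pool_malloc(&p);      /* returns the attacker-chosen address */
    return e == (void *)&forged_target;
}

/* Same sequence against the checked free: the second free is refused and the
 * allocator keeps handing out distinct chunks. Returns true if that holds. */
static bool demo_checked_free_blocks_double_free(void) {
    pool_t p;
    pool_init(&p);
    void *a = pool_malloc(&p);
    bool first  = pool_free_checked(&p, a);
    bool second = pool_free_checked(&p, a);
    void *b = pool_malloc(&p);
    void *c = pool_malloc(&p);
    return first && !second && b == a && c != b;
}

int main(void) {
    printf("unchecked free: double free hijacks the free list: %s\n",
           demo_double_free_hijack() ? "yes" : "no");
    printf("checked free: second free rejected: %s\n",
           demo_checked_free_blocks_double_free() ? "yes" : "no");
    return 0;
}
```

Once `pool_malloc` returns `forged_target`, whatever the caller stores in its "new" object is written to that address, which is the arbitrary write the advisory describes; a real target would be a function pointer or vtable slot reachable by the library's caller. The `in_use` bitmap costs one byte per chunk and turns the second free into a detectable error rather than silent list corruption; a membership check on the pointer before trusting it as a chunk is the same idea applied to foreign pointers.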
References
- github.com/advisories/GHSA-whx6-m9j4-w2m2
- github.com/ibireme/yyjson
- github.com/ibireme/yyjson/commit/0eca326fe57aeeb866e6f04c9ef9ea9f8343157e
- github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2
- nvd.nist.gov/vuln/detail/CVE-2024-25713
Detect and mitigate CVE-2024-25713 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning.