Bug 1066565 - (CVE-2017-16516) VUL-1: CVE-2017-16516: rubygem-yajl-ruby: Crafted JSON file allows to crash ruby process with a SIGABRT in the yajl_string_decode function in yajl_encode.c
VUL-1: CVE-2017-16516: rubygem-yajl-ruby: Crafted JSON file allows to crash r...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Other Other
: P4 - Low : Normal
: ---
Assigned To: Rick Salevsky
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2017-11-06 07:38 UTC by Johannes Segitz
Modified: 2018-03-23 12:31 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

/usr/bin/ruby poc.rb bar (10.00 KB, application/x-tar)
2017-11-06 07:38 UTC, Johannes Segitz

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2017-11-06 07:38:11 UTC
Created attachment 747168 [details]
/usr/bin/ruby poc.rb bar


In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to
Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the
yajl_string_decode function in yajl_encode.c. This results in the whole ruby
process terminating and potentially a denial of service.

42.3/factory have this and poc triggers. SLE 12 GA probably also affected

Comment 1 Vincent Untz 2017-11-06 08:29:55 UTC
Rick: I guess you're better than me for the gems :-) Feel free to reassign, though.
Comment 2 Rick Salevsky 2017-11-14 11:56:15 UTC
The issue is fixed in 1.3.1, I will make sure to update it everywhere.
Comment 4 Swamp Workflow Management 2017-12-21 20:13:36 UTC
SUSE-RU-2017:3408-1: An update that fixes one vulnerability is now available.

Category: recommended (moderate)
Bug References: 1066565
CVE References: CVE-2017-1651
Sources used:
SUSE OpenStack Cloud 7 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
SUSE OpenStack Cloud 6 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
SUSE Enterprise Storage 4 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
SUSE Enterprise Storage 3 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
Comment 5 Rick Salevsky 2018-03-23 10:40:14 UTC
@Johannes: Can we close this bug?
Comment 6 Johannes Segitz 2018-03-23 12:31:00 UTC
(In reply to Rick Salevsky from comment #5)
yes, can be closed. In general you can assign security issues that are done from you POV to security-team and we take it from here