Bug 1066565 – VUL-1: CVE-2017-16516: rubygem-yajl-ruby: Crafted JSON file allows to crash ruby process with a SIGABRT in the yajl_string_decode function in yajl_encode.c

Bug 1066565 - (CVE-2017-16516) VUL-1: CVE-2017-16516: rubygem-yajl-ruby: Crafted JSON file allows to crash ruby process with a SIGABRT in the yajl_string_decode function in yajl_encode.c

(CVE-2017-16516)
Summary:	VUL-1: CVE-2017-16516: rubygem-yajl-ruby: Crafted JSON file allows to crash r...

Status:	RESOLVED FIXED

Classification:	Novell Products
Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents
Version:	unspecified
Hardware:	Other Other

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assigned To:	Rick Salevsky
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/194463/
Whiteboard:	CVSSv2:SUSE:CVE-2017-16516:5.0:(AV:N/...
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2017-11-06 07:38 UTC by Johannes Segitz
Modified:	2018-03-23 12:31 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
/usr/bin/ruby poc.rb bar (10.00 KB, application/x-tar) 2017-11-06 07:38 UTC, Johannes Segitz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2017-11-06 07:38:11 UTC

Created attachment 747168 [details]
/usr/bin/ruby poc.rb bar

CVE-2017-16516

In the yajl-ruby gem 1.3.0 for Ruby, when a crafted JSON file is supplied to
Yajl::Parser.new.parse, the whole ruby process crashes with a SIGABRT in the
yajl_string_decode function in yajl_encode.c. This results in the whole ruby
process terminating and potentially a denial of service.

42.3/factory have this and poc triggers. SLE 12 GA probably also affected

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-16516
http://www.cvedetails.com/cve/CVE-2017-16516/
https://github.com/brianmario/yajl-ruby/issues/176
https://rubygems.org/gems/yajl-ruby

Comment 1 Vincent Untz 2017-11-06 08:29:55 UTC

Rick: I guess you're better than me for the gems :-) Feel free to reassign, though.

Comment 2 Rick Salevsky 2017-11-14 11:56:15 UTC

The issue is fixed in 1.3.1, I will make sure to update it everywhere.

Comment 4 Swamp Workflow Management 2017-12-21 20:13:36 UTC

SUSE-RU-2017:3408-1: An update that fixes one vulnerability is now available.

Category: recommended (moderate)
Bug References: 1066565
CVE References: CVE-2017-1651
Sources used:
SUSE OpenStack Cloud 7 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
SUSE OpenStack Cloud 6 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
SUSE Enterprise Storage 4 (src):    rubygem-yajl-ruby-1.3.1-4.3.2
SUSE Enterprise Storage 3 (src):    rubygem-yajl-ruby-1.3.1-4.3.2

Comment 5 Rick Salevsky 2018-03-23 10:40:14 UTC

@Johannes: Can we close this bug?

Comment 6 Johannes Segitz 2018-03-23 12:31:00 UTC

(In reply to Rick Salevsky from comment #5)
yes, can be closed. In general you can assign security issues that are done from you POV to security-team and we take it from here