
Ubuntu 23.10: 2024-4723b80128 Critical Vulnerability in json_parser

fedora
April 17, 2024
A patch for CVE-2024-25713 has been released for Fedora in yyjson version 0.9.0. Users can now update and install it through the DNF package manager.

Summary

A high performance JSON library written in ANSI C.

Features

- Fast: can read or write gigabytes per second JSON data on modern CPUs.
- Portable: complies with ANSI C (C89) for cross-platform compatibility.
- Strict: complies with RFC 8259 JSON standard, ensuring strict number format and UTF-8 validation.
- Extendable: offers options to allow comments, trailing commas, NaN/Inf, and custom memory allocator.
- Accuracy: can accurately read and write int64, uint64, and double numbers.
- Flexible: supports unlimited JSON nesting levels, \u0000 characters, and non null-terminated strings.
- Manipulation: supports querying and modifying using JSON Pointer, JSON Patch and JSON Merge Patch.
- Developer-Friendly: easy integration with only one h and one c file.

Update Information:

Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791; Security fix for CVE-2024-25713

Change Log

* Tue Apr 9 2024 topazus - 0.9.0-1
- Update to 0.9.0; fix rhbz#2274045 and rhbz#2266791

* Tue Jan 30 2024 topazus - 0.8.0-3
- Fix error of -Wno-implicit-int and -Wno-implicit-function-declaration

* Sat Jan 27 2024 Fedora Release Engineering - 0.8.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild

References


[ 1 ] Bug #2266791 - CVE-2024-25713 yyjson: double free leading to remote code execution [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2266791
[ 2 ] Bug #2274045 - yyjson-0.9.0 is available
      https://bugzilla.redhat.com/show_bug.cgi?id=2274045

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-4691d60717' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
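
To confirm that hosts actually picked up the fixed build after the upgrade, the following added example (not part of the advisory or the yyjson project) classifies collected `rpm -q yyjson` output against the 0.9.0-1 build listed here. The function name and the sample lines are constructed for illustration, and `sort -V` stands in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: classify `rpm -q yyjson` output against the fixed build
# named in this advisory (Version 0.9.0, Release 1.fc38).
FIXED_VR="0.9.0-1"   # dist tag dropped so the check works on any Fedora release

# classify_rpm_q LINE -> prints patched | needs-update | absent | unknown
# (hypothetical helper; runs in a subshell so its variables stay local)
classify_rpm_q() (
  line=$1
  case $line in
    *"is not installed"*) echo absent; exit 0 ;;
    yyjson-[0-9]*) ;;                 # main package only, not yyjson-devel
    *) echo unknown; exit 0 ;;
  esac
  vr=${line#yyjson-}    # drop package name    -> 0.8.0-3.fc38.x86_64
  vr=${vr%%.fc*}        # drop dist tag + arch -> 0.8.0-3
  # sort -V approximates RPM ordering (no epoch handling). If the fixed
  # build sorts first or ties, the installed build is at or above it.
  lowest=$(printf '%s\n%s\n' "$FIXED_VR" "$vr" | sort -V | head -n 1)
  if [ "$lowest" = "$FIXED_VR" ]; then
    echo patched
  else
    echo needs-update
  fi
)

# Constructed sample lines, shaped like `rpm -q yyjson` output from three hosts.
audit_sample() {
  for l in "yyjson-0.8.0-3.fc38.x86_64" \
           "yyjson-0.9.0-1.fc38.x86_64" \
           "package yyjson is not installed"; do
    printf '%-34s %s\n' "$l" "$(classify_rpm_q "$l")"
  done
}
audit_sample
```

On a live host, pass the real query result instead: `classify_rpm_q "$(rpm -q yyjson)"`.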

Severity
critical

Name: yyjson
Product: Fedora 38
Version: 0.9.0
Release: 1.fc38
Summary: A high performance JSON library written in ANSI C
