CVE-2023-33460: There's a memory leak in yajl 2.1.0 with use of yajl_tree_parse function, which will cause out-of-memory in server and cause crash. Seems there's a patch available.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=292d37d5785fef12129973cd07a2f7731303d989

commit 292d37d5785fef12129973cd07a2f7731303d989
Author:     Hans de Graaff <graaff@gentoo.org>
AuthorDate: 2023-07-09 05:55:48 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-07-09 05:55:57 +0000

    dev-libs/yajl: update EAPI 7 -> 8, fix memory leak

    Bug: https://bugs.gentoo.org/908036
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 dev-libs/yajl/files/yajl-2.1.0-memory-leak.patch | 23 +++++++++++++++
 dev-libs/yajl/yajl-2.1.0-r4.ebuild               | 37 ++++++++++++++++++++++++
 2 files changed, 60 insertions(+)
Cleanup done.
GLSA vote: no.