CVE-2022-24795: CWE-122: Heap-based Buffer Overflow in brianmario yajl-ruby
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
AI Analysis
Technical Summary
CVE-2022-24795 is a medium-severity heap-based buffer overflow vulnerability affecting the yajl-ruby library, which provides C bindings to the YAJL JSON parsing and generation library. The vulnerability arises from an integer overflow in the reallocation logic within the yajl_buf.c source file, specifically at line 64. When processing very large JSON inputs approaching 2GB in size (~0x80000000 bytes), the 32-bit integer variable 'need' used for buffer size calculation can wrap around to zero due to integer overflow. This causes the buffer reallocation to allocate a much smaller heap chunk than required. Subsequently, when the buffer is populated based on the original large size, heap memory corruption occurs. This issue primarily affects 32-bit builds of yajl-ruby where size_t is a 32-bit integer. In contrast, 64-bit builds use a 64-bit size_t, which effectively prevents this overflow from triggering. The vulnerability mainly impacts process availability by causing crashes or memory corruption, but maintainers consider exploitation for arbitrary code execution unlikely. The affected versions are yajl-ruby versions up to and including 1.4.1. A patch is expected in version 1.4.2. As a temporary mitigation, users are advised to avoid passing extremely large JSON inputs (~2GB) to the library. No known exploits have been reported in the wild. This vulnerability is categorized under CWE-122 (heap-based buffer overflow) and CWE-190 (integer overflow or wraparound).
Potential Impact
For European organizations, the primary impact of this vulnerability is potential denial of service (DoS) due to application crashes or instability when processing large JSON payloads using vulnerable versions of yajl-ruby on 32-bit systems. This could disrupt services that rely on JSON parsing, such as web applications, APIs, or data processing pipelines. While arbitrary code execution is considered unlikely, the memory corruption could still lead to unpredictable behavior or data integrity issues. Organizations using legacy or embedded 32-bit environments are at higher risk. The impact is less severe on modern 64-bit systems where the vulnerability is effectively mitigated by the larger size_t type. However, any critical infrastructure or services in Europe that still rely on 32-bit builds of yajl-ruby, especially in sectors like finance, healthcare, or government, could face availability disruptions. Additionally, supply chain dependencies that incorporate yajl-ruby in their software stacks may propagate the risk. Given the lack of known exploits, the immediate threat level is moderate, but unpatched systems remain vulnerable to potential targeted DoS attacks or accidental crashes from malformed large JSON inputs.
Mitigation Recommendations
1. Upgrade yajl-ruby to version 1.4.2 or later as soon as it becomes available to apply the official patch addressing the integer overflow and buffer reallocation logic. 2. In the interim, implement input validation to restrict JSON payload sizes well below the ~2GB threshold that triggers the vulnerability, effectively preventing the integer overflow condition. 3. Where possible, migrate affected applications from 32-bit to 64-bit environments to leverage the inherent protection from larger size_t types. 4. Employ runtime memory protection mechanisms such as AddressSanitizer or heap protection tools during development and testing to detect and mitigate heap corruption issues early. 5. Monitor application logs and crash reports for signs of heap corruption or unexpected terminations related to JSON parsing. 6. Review and audit third-party dependencies and supply chains to identify indirect usage of vulnerable yajl-ruby versions, and coordinate patching accordingly. 7. For critical services, consider implementing rate limiting or input size restrictions at the network or application layer to prevent large JSON payloads from reaching vulnerable parsers. 8. Educate development teams about safe JSON handling practices and the risks of processing excessively large inputs.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Belgium, Sweden, Finland
CVE-2022-24795: CWE-122: Heap-based Buffer Overflow in brianmario yajl-ruby
Description
yajl-ruby is a C binding to the YAJL JSON parsing and generation library. The 1.x branch and the 2.x branch of `yajl` contain an integer overflow which leads to subsequent heap memory corruption when dealing with large (~2GB) inputs. The reallocation logic at `yajl_buf.c#L64` may result in the `need` 32bit integer wrapping to 0 when `need` approaches a value of 0x80000000 (i.e. ~2GB of data), which results in a reallocation of buf->alloc into a small heap chunk. These integers are declared as `size_t` in the 2.x branch of `yajl`, which practically prevents the issue from triggering on 64bit platforms, however this does not preclude this issue triggering on 32bit builds on which `size_t` is a 32bit integer. Subsequent population of this under-allocated heap chunk is based on the original buffer size, leading to heap memory corruption. This vulnerability mostly impacts process availability. Maintainers believe exploitation for arbitrary code execution is unlikely. A patch is available and anticipated to be part of yajl-ruby version 1.4.2. As a workaround, avoid passing large inputs to YAJL.
AI-Powered Analysis
Technical Analysis
CVE-2022-24795 is a medium-severity heap-based buffer overflow vulnerability affecting the yajl-ruby library, which provides C bindings to the YAJL JSON parsing and generation library. The vulnerability arises from an integer overflow in the reallocation logic within the yajl_buf.c source file, specifically at line 64. When processing very large JSON inputs approaching 2GB in size (~0x80000000 bytes), the 32-bit integer variable 'need' used for buffer size calculation can wrap around to zero due to integer overflow. This causes the buffer reallocation to allocate a much smaller heap chunk than required. Subsequently, when the buffer is populated based on the original large size, heap memory corruption occurs. This issue primarily affects 32-bit builds of yajl-ruby where size_t is a 32-bit integer. In contrast, 64-bit builds use a 64-bit size_t, which effectively prevents this overflow from triggering. The vulnerability mainly impacts process availability by causing crashes or memory corruption, but maintainers consider exploitation for arbitrary code execution unlikely. The affected versions are yajl-ruby versions up to and including 1.4.1. A patch is expected in version 1.4.2. As a temporary mitigation, users are advised to avoid passing extremely large JSON inputs (~2GB) to the library. No known exploits have been reported in the wild. This vulnerability is categorized under CWE-122 (heap-based buffer overflow) and CWE-190 (integer overflow or wraparound).
Potential Impact
For European organizations, the primary impact of this vulnerability is potential denial of service (DoS) due to application crashes or instability when processing large JSON payloads using vulnerable versions of yajl-ruby on 32-bit systems. This could disrupt services that rely on JSON parsing, such as web applications, APIs, or data processing pipelines. While arbitrary code execution is considered unlikely, the memory corruption could still lead to unpredictable behavior or data integrity issues. Organizations using legacy or embedded 32-bit environments are at higher risk. The impact is less severe on modern 64-bit systems where the vulnerability is effectively mitigated by the larger size_t type. However, any critical infrastructure or services in Europe that still rely on 32-bit builds of yajl-ruby, especially in sectors like finance, healthcare, or government, could face availability disruptions. Additionally, supply chain dependencies that incorporate yajl-ruby in their software stacks may propagate the risk. Given the lack of known exploits, the immediate threat level is moderate, but unpatched systems remain vulnerable to potential targeted DoS attacks or accidental crashes from malformed large JSON inputs.
Mitigation Recommendations
1. Upgrade yajl-ruby to version 1.4.2 or later as soon as it becomes available to apply the official patch addressing the integer overflow and buffer reallocation logic. 2. In the interim, implement input validation to restrict JSON payload sizes well below the ~2GB threshold that triggers the vulnerability, effectively preventing the integer overflow condition. 3. Where possible, migrate affected applications from 32-bit to 64-bit environments to leverage the inherent protection from larger size_t types. 4. Employ runtime memory protection mechanisms such as AddressSanitizer or heap protection tools during development and testing to detect and mitigate heap corruption issues early. 5. Monitor application logs and crash reports for signs of heap corruption or unexpected terminations related to JSON parsing. 6. Review and audit third-party dependencies and supply chains to identify indirect usage of vulnerable yajl-ruby versions, and coordinate patching accordingly. 7. For critical services, consider implementing rate limiting or input size restrictions at the network or application layer to prevent large JSON payloads from reaching vulnerable parsers. 8. Educate development teams about safe JSON handling practices and the risks of processing excessively large inputs.
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2022-02-10T00:00:00.000Z
- Cisa Enriched
- true
Threat ID: 682d9848c4522896dcbf6351
Added to database: 5/21/2025, 9:09:28 AM
Last enriched: 6/22/2025, 2:36:55 AM
Last updated: 8/14/2025, 10:33:34 PM
Views: 16
Related Threats
CVE-2025-8293: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Theerawat Patthawee Intl DateTime Calendar
MediumCVE-2025-7686: CWE-352 Cross-Site Request Forgery (CSRF) in lmyoaoa weichuncai(WP伪春菜)
MediumCVE-2025-7684: CWE-352 Cross-Site Request Forgery (CSRF) in remysharp Last.fm Recent Album Artwork
MediumCVE-2025-7683: CWE-352 Cross-Site Request Forgery (CSRF) in janyksteenbeek LatestCheckins
MediumCVE-2025-7668: CWE-352 Cross-Site Request Forgery (CSRF) in timothyja Linux Promotional Plugin
MediumActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.