author | npt-1707 <npthanh132@gmail.com> | 2025-04-25 10:58:12 +0300 |
---|---|---|
committer | elen-volodina <elen-volodina@yandex-team.com> | 2025-04-25 11:26:12 +0300 |
commit | cfebe541fcfef308a239dfa26d420782308114da (patch) | |
tree | f87ec96637966d87e2a5bcd1f72670c5bbe15bde /contrib/tools/python3/Python/pythonrun.c | |
parent | 572c8fcca66153dcd453df8f7ec3a467f97e9876 (diff) | |
download | ydb-cfebe541fcfef308a239dfa26d420782308114da.tar.gz |
Fix for CVE-2023-33460: Memory leak in yajl 2.1.0 with use of yajl_tree_parse function
### Changelog entry
...
### Changelog category
* Bugfix
### Description for reviewers
This PR fixes a security vulnerability in `yajl_tree_parse()` that was cloned from yaml but did not receive the security patch. The original issue was reported and fixed under [likema/yajl@31531a6](https://github.com/likema/yajl/commit/31531a6e6b5641398237ce15b7e62da02d975fc6).
This PR applies the same patch to eliminate the vulnerability.
References
[GHSA-cqgm-m7h3-xgwm](https://github.com/advisories/GHSA-cqgm-m7h3-xgwm "GHSA-cqgm-m7h3-xgwm")
<https://nvd.nist.gov/vuln/detail/CVE-2023-33460>
[likema/yajl@31531a6](https://github.com/likema/yajl/commit/31531a6e6b5641398237ce15b7e62da02d975fc6)
---
Pull Request resolved: <https://github.com/ydb-platform/ydb/pull/17570>
commit_hash:d022109c9836673d185db1ffab7e1064ab8f561d
Diffstat (limited to 'contrib/tools/python3/Python/pythonrun.c')
0 files changed, 0 insertions, 0 deletions