mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-29 17:50:34 +00:00
816 B
816 B
CVE-2024-25713
Description
yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)
POC
Reference
- https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh
- https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh