nvd-json-data-feeds/CVE-2024/CVE-2024-257xx/CVE-2024-25713.json

{
  "id": "CVE-2024-25713",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-02-29T01:44:16.333",
  "lastModified": "2024-04-19T23:15:10.380",
  "vulnStatus": "Awaiting Analysis",
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)"
    },
    {
      "lang": "es",
      "value": "yyjson hasta 0.8.0 tiene un doble free, lo que lleva a la ejecuci\u00f3n remota de c\u00f3digo en algunos casos, porque la funci\u00f3n pool_free carece de comprobaciones de bucle. (pool_free es parte del asignador de series de grupos, junto con pool_malloc y pool_realloc)."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KQ67T4R7QEWURW5NMCCVLTBASL4ECHE/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NNICQVIF7BRYFWYRL3HPVAJIPXN4OVTX/",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TKQPEREDUDKGYJMFNFDQVYCVLWDRO2Y2/",
      "source": "cve@mitre.org"
    }
  ]
}