{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-24825", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2026-01-27T08:59:05.366Z", "datePublished": "2026-01-27T09:02:51.165Z", "dateUpdated": "2026-01-27T16:57:43.248Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://github.com/ydb-platform/ydb", "defaultStatus": "unaffected", "modules": ["contrib/libs/yajl"], "product": "ydb", "programFiles": ["yail_tree.c"], "vendor": "ydb-platform", "versions": [{"lessThanOrEqual": "24.4.4.2", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules).<p> This vulnerability is associated with program files <tt>yail_tree.C</tt>.</p><p>This issue affects ydb: through 24.4.4.2.</p>"}], "value": "Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.\n\nThis issue affects ydb: through 24.4.4.2."}], "metrics": [{"cvssV4_0": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 6.9, "baseSeverity": "MEDIUM", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:02:51.165Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/ydb-platform/ydb/pull/17570"}], "source": {"discovery": "UNKNOWN"}, "title": "a memory leak in ydb-platform/ydb with use of yajl_tree_parse function from src/yail module, which will cause out-of-memory in server and cause crash.", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-27T16:57:33.509521Z", "id": "CVE-2026-24825", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:57:43.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-24825", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-27T16:57:33.509521Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-27T16:57:39.717Z"}}], "cna": {"title": "a memory leak in ydb-platform/ydb with use of yajl_tree_parse function from src/yail module, which will cause out-of-memory in server and cause crash.", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "USER", "baseScore": 6.9, "Automatable": "YES", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "AMBER", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "ydb-platform", "modules": ["contrib/libs/yajl"], "product": "ydb", "versions": [{"status": "affected", "version": "0", "versionType": "git", "lessThanOrEqual": "24.4.4.2"}], "programFiles": ["yail_tree.c"], "collectionURL": "https://github.com/ydb-platform/ydb", "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/ydb-platform/ydb/pull/17570", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.\n\nThis issue affects ydb: through 24.4.4.2.", "supportingMedia": [{"type": "text/html", "value": "Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules).<p> This vulnerability is associated with program files <tt>yail_tree.C</tt>.</p><p>This issue affects ydb: through 24.4.4.2.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-401", "description": "CWE-401 Missing Release of Memory after Effective Lifetime"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2026-01-27T09:02:51.165Z"}}}, "cveMetadata": {"cveId": "CVE-2026-24825", "state": "PUBLISHED", "dateUpdated": "2026-01-27T16:57:43.248Z", "dateReserved": "2026-01-27T08:59:05.366Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2026-01-27T09:02:51.165Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.\n\nThis issue affects ydb: through 24.4.4.2."}, {"lang": "es", "value": "Vulnerabilidad de falta de liberaci\u00f3n de memoria despu\u00e9s de la vida \u00fatil efectiva en ydb-platform ydb (m\u00f3dulos contrib/libs/yajl). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa yail_tree.C.\n\nEste problema afecta a ydb: hasta 24.4.4.2."}], "id": "CVE-2026-24825", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "YES", "Recovery": "USER", "Safety": "NEGLIGIBLE", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "AMBER", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "LOW"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2026-01-27T09:15:53.347", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/ydb-platform/ydb/pull/17570"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-401"}], "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}

{"bugzilla": {"description": "ydb: ydb: Denial of Service via memory leak", "id": "2433231", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2433231"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "CWE-401", "details": ["No description is available for this CVE."], "name": "CVE-2026-24825", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/cluster-logging-operator-bundle", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/cluster-logging-rhel9-operator", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/eventrouter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/fluentd-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/fluentd-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/log-file-metric-exporter-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/logging-view-plugin-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Under investigation", "package_name": "openshift-logging/vector-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp20/backend", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp21/backend", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp21/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp22/backend", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp22/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp24/backend", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp24/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp25/backend", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp25/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp26/backend", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp26/zync", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp2/backend-rhel7", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp2/backend-rhel8", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp2/zync-rhel7", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp2/zync-rhel8", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Under investigation", "package_name": "3scale-amp2/zync-rhel9", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "yajl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "yajl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Under investigation", "package_name": "yajl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Under investigation", "package_name": "yajl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Under investigation", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-01-27T09:02:51Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-24825\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-24825\nhttps://github.com/ydb-platform/ydb/pull/17570"], "statement": "This MODERATE impact memory leak in the yajl modules of ydb can lead to a Denial of Service. A remote attacker could exploit this vulnerability by repeatedly triggering memory allocations without proper deallocation, causing resource exhaustion..", "threat_severity": "Moderate"}

{"analysis": {"en": {"generated_at": "2026-04-18T14:52:29.348546+00:00", "value": {"mitigation_remediation": ["Apply the vendor\u2019s latest release or patch that fixes the memory leak in the yajl_tree_parse component.", "As an interim control, constrain the size of JSON data accepted by the server or pre-validate incoming data to prevent excessive memory allocation.", "Implement monitoring of server memory usage and configure alerts for sudden memory spikes to detect leaks early."], "summary": {"action": "Apply Patch", "impact": "Denial of Service due to out-of-memory crash"}, "threat_synthesis": {"affected_systems": "ydb-platform ydb versions up to and including 24.4.4.2 are affected. All installations of this version running the default server component are susceptible to the memory leak unless a newer release is deployed.", "description_and_impact": "The vulnerability is a missing release of memory after the effective lifetime in the yajl_tree_parse function within the ydb-platform/ydb contrib/libs/yajl modules. When the server processes input that triggers this function, the allocated memory is never freed, leading to progressive exhaustion of system memory and eventually causing the server to crash. The primary consequence of this flaw is a denial of service, where legitimate services become unavailable as the database process terminates.", "risk_and_exploitability": "With a CVSS score of 6.9, the flaw poses a medium severity risk. The EPSS score of less than 1% indicates a low probability of exploitation at this time, and the vulnerability is not currently listed in the CISA KEV catalog. The likely attack vector is through parsing of malicious or overly large JSON payloads processed by the server, which can be triggered remotely over the network if the input endpoint is exposed. No known mitigations are publicly documented beyond applying a patch that releases the allocated memory."}}}}, "created": "2026-01-27T20:16:50.897155+00:00", "updated": "2026-04-18T15:00:03.445011+00:00", "vendors": ["ydb", "ydb$PRODUCT$ydb"]}