CVE-2023-33460

Theres a memory leak in yajl 2.1.0 with use of yajl_tree_parse function. which will cause out-of-memory in server and cause crash.

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

Name	Vendor	Start Version	End Version
Yajl	Yajl_project	2.1.0 (including)	2.1.0 (including)
Red Hat Enterprise Linux 8	RedHat	yajl-0:2.1.0-12.el8	*
Red Hat Enterprise Linux 8.6 Extended Update Support	RedHat	yajl-0:2.1.0-13.el8_6	*
Red Hat Enterprise Linux 8.8 Extended Update Support	RedHat	yajl-0:2.1.0-12.el8_8	*
Red Hat Enterprise Linux 9	RedHat	yajl-0:2.1.0-22.el9	*
Argyll	Ubuntu	bionic	*
Argyll	Ubuntu	kinetic	*
Argyll	Ubuntu	lunar	*
Argyll	Ubuntu	mantic	*
Argyll	Ubuntu	trusty	*
Argyll	Ubuntu	xenial	*
R-cran-jsonlite	Ubuntu	bionic	*
R-cran-jsonlite	Ubuntu	kinetic	*
R-cran-jsonlite	Ubuntu	lunar	*
R-cran-jsonlite	Ubuntu	mantic	*
R-cran-jsonlite	Ubuntu	trusty	*
R-cran-jsonlite	Ubuntu	xenial	*
Yajl	Ubuntu	bionic	*
Yajl	Ubuntu	esm-infra/bionic	*
Yajl	Ubuntu	esm-infra/xenial	*
Yajl	Ubuntu	focal	*
Yajl	Ubuntu	jammy	*
Yajl	Ubuntu	kinetic	*
Yajl	Ubuntu	lunar	*
Yajl	Ubuntu	trusty	*
Yajl	Ubuntu	trusty/esm	*
Yajl	Ubuntu	upstream	*
Yajl	Ubuntu	xenial	*

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.
For example, glibc in Linux provides protection against free of invalid pointers.
When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].
To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-33460
CWE	https://cwe.mitre.org/data/definitions/401.html

Missing Release of Memory after Effective Lifetime