CVE-2026-24825

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2026-24825

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24825.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2026-24825

Published

2026-01-27T09:15:53.347Z

Modified

2026-03-13T04:09:04.823292Z

Severity

6.9 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:Y/R:U/V:D/RE:L/U:Amber CVSS Calculator

Summary

[none]

Details

Missing Release of Memory after Effective Lifetime vulnerability in ydb-platform ydb (contrib/libs/yajl modules). This vulnerability is associated with program files yail_tree.C.

This issue affects ydb: through 24.4.4.2.

References

https://github.com/ydb-platform/ydb/pull/17570

Affected packages

Git / github.com/ydb-platform/ydb

Affected ranges

Type

GIT

Repo

https://github.com/ydb-platform/ydb

Events

Introduced

Last affected

fd1e65b06629d970ecd292e285fc34861850c950

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "24.4.4.2."
        }
    ]
}

Affected versions

24.*

24.1.1

24.3.10

24.3.11

24.3.12

24.3.13

24.3.14

24.3.15

24.3.3

24.3.4

24.3.5

24.3.6

24.3.7

24.3.8

24.3.9

24.4.1

24.4.2

24.4.3

24.4.4

24.4.4.1

24.4.4.2

CLI_2.*

CLI_2.0.1

CLI_2.1.0

CLI_2.1.1

CLI_2.10.0

CLI_2.2.0

CLI_2.3.0

CLI_2.4.0

CLI_2.5.0

CLI_2.6.0

CLI_2.7.0

CLI_2.8.0

CLI_2.9.0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-24825.json"