CVE-2014-9130
6.1 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.1%
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
| CPE | Name | Operator | Version |
|---|---|---|---|
| pyyaml:libyaml | pyyaml libyaml | eq | 0.1.6 |
| pyyaml:libyaml | pyyaml libyaml | eq | 0.1.5 |
References
advisories.mageia.org/MGASA-2014-0508.html
linux.oracle.com/errata/ELSA-2015-0100.html
lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
rhn.redhat.com/errata/RHSA-2015-0100.html
rhn.redhat.com/errata/RHSA-2015-0112.html
rhn.redhat.com/errata/RHSA-2015-0260.html
secunia.com/advisories/59947
secunia.com/advisories/60944
secunia.com/advisories/62164
secunia.com/advisories/62174
secunia.com/advisories/62176
secunia.com/advisories/62705
secunia.com/advisories/62723
secunia.com/advisories/62774
www.debian.org/security/2014/dsa-3102
www.debian.org/security/2014/dsa-3103
www.debian.org/security/2014/dsa-3115
www.mandriva.com/security/advisories?name=MDVSA-2014:242
www.mandriva.com/security/advisories?name=MDVSA-2015:060
www.openwall.com/lists/oss-security/2014/11/28/1
www.openwall.com/lists/oss-security/2014/11/28/8
www.openwall.com/lists/oss-security/2014/11/29/3
www.securityfocus.com/bid/71349
www.ubuntu.com/usn/USN-2461-1
www.ubuntu.com/usn/USN-2461-2
www.ubuntu.com/usn/USN-2461-3
bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
exchange.xforce.ibmcloud.com/vulnerabilities/99047
puppet.com/security/cve/cve-2014-9130
Related
6.1 Medium
AI Score
Confidence
Low
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.018 Low
EPSS
Percentile
88.1%