LibYAML input sanitization errors

🗓️ 11 Mar 2014 00:00:00Reported by FreeBSDType

The LibYAML project in C is affected by a heap-based buffer overflow due to input sanitization errors, allowing arbitrary code execution via specially crafted YAML files

Reporter	Title	Published	Views	Family All 108
Tenable Nessus	Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : libyaml (SSA:2014-111-01)	22 Apr 201400:00	–	nessus
Tenable Nessus	Mandriva Linux Security Advisory : yaml (MDVSA-2014:071)	10 Apr 201400:00	–	nessus
Tenable Nessus	Fedora 20 : libyaml-0.1.6-1.fc20 (2014-4440)	7 Apr 201400:00	–	nessus
Tenable Nessus	FreeBSD : LibYAML input sanitization errors (580cc46b-bb1e-11e3-b144-2c4138874f7d)	4 Apr 201400:00	–	nessus
Tenable Nessus	Ubuntu 12.04 LTS / 12.10 / 13.10 : libyaml vulnerability (USN-2160-1)	4 Apr 201400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : libyaml (ALAS-2014-321)	23 Apr 201400:00	–	nessus
Tenable Nessus	Fedora 19 : libyaml-0.1.6-1.fc19 (2014-4438)	7 Apr 201400:00	–	nessus
Tenable Nessus	Debian DSA-2885-1 : libyaml-libyaml-perl - security update	27 Mar 201400:00	–	nessus
Tenable Nessus	openSUSE Security Update : libyaml (openSUSE-SU-2014:0500-1)	13 Jun 201400:00	–	nessus
Tenable Nessus	GLSA-201405-27 : LibYAML: Arbitrary code execution	25 May 201400:00	–	nessus

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

OS	OS Version	Architecture	Package	Package Version	Filename
FreeBSD	any	noarch	libyaml	0.1.6	UNKNOWN
FreeBSD	any	noarch	mingw32-libyaml	0.1.6	UNKNOWN

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

11 Mar 2014 00:00Current

8High risk

Vulners AI Score8

CVSS26.8

EPSS0.35654