Lucene search

K
githubGitHub Advisory DatabaseGHSA-M75H-CGHQ-C8H5
HistoryAug 31, 2020 - 10:51 p.m.

Heap Based Buffer Overflow in libyaml

2020-08-3122:51:50
CWE-119
GitHub Advisory Database
github.com
61

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

90.8%

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags.

Recommendation

  • Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.
CPENameOperatorVersion
libyamllt0.2.3

References

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.031 Low

EPSS

Percentile

90.8%

Related for GHSA-M75H-CGHQ-C8H5