Lucene search

K
nodejsIvan FratricNODEJS:21
HistoryOct 17, 2015 - 7:41 p.m.

Heap Based Buffer Overflow

2015-10-1719:41:46
Ivan Fratric
www.npmjs.com
18

0.031 Low

EPSS

Percentile

91.1%

Overview

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags.

Recommendation

  • Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.

References

CPENameOperatorVersion
libyamllt0.2.3