2 matches found
CVE-2018-20993
The CVE-2018-20993 entry concerns the yaml-rust crate for Rust, where versions before 0.4.1 allow uncontrolled recursion during deserialization. Affected is the yaml-rust crate (pre-0.4.1); impact is potential disruption/crash due to recursion depth. Remediation: upgrade to 0.4.1 or newer; if upg...
CVE-2019-1010182
Yaml-rust 0.4.0 and earlier are affected by Uncontrolled Recursion in YamlLoader::load_from_str. The impact is a Denial of Service via an uncatchable abort, triggered by parsing a malicious YAML document. The fix is in 0.4.1 and later. This aligns across Red Hat, Debian, Ubuntu, OSV, and NVD entr...