A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is
the function yaml_event_delete of the file /src/libyaml/src/api.c. The
manipulation leads to a double-free.
Author | Note |
---|---|
jdstrand | golang-goyaml is a go translation of libyaml and shouldn’t share implementation flaws, but may share design flaws |
mdeslaur | This is a misuse of the API per the upstream libyaml developers. This CVE is likely to get rejected, marking as deferred to make sure. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 16.04 | noarch | golang-goyaml | < any | UNKNOWN |
ubuntu | 18.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
ubuntu | 23.10 | noarch | golang-yaml.v2 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | libyaml | < any | UNKNOWN |
ubuntu | 20.04 | noarch | libyaml | < any | UNKNOWN |
ubuntu | 22.04 | noarch | libyaml | < any | UNKNOWN |