Lucene search
Ubuntu.comUB:CVE-2024-35326HistoryJun 13, 2024 - 12:00 a.m.
CVE-2024-35326
2024-06-1300:00:00
ubuntu.com
ubuntu.com
1
libyaml
buffer overflow
yaml_emitter_emit
double-free
golang-goyaml
design flaws
libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is
the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The
manipulation leads to a double-free.
Notes
| Author | Note |
|---|---|
| jdstrand | golang-goyaml is a go translation of libyaml and shouldn’t share implementation flaws, but may share design flaws |
| mdeslaur | There are no details about a fix for this vulnerability or a comment from the upstream developers as of 2024-06-19, but like the other CVEs from the same reporter this is likely a misuse of the API and the CVE will likely get rejected. Marking as deferred for now to make sure. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 16.04 | noarch | golang-goyaml | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | libyaml | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | libyaml | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | libyaml | < any | UNKNOWN |
Related
nvd
nvd
CVE-2024-35326
2024-06-13 17:15:50
cvelist
cvelist
CVE-2024-35326
2024-06-13 00:00:00
redhatcve
redhatcve
CVE-2024-35326
2024-06-14 06:12:33
cve
cve
CVE-2024-35326
2024-06-13 17:15:50
veracode
veracode
Heap Buffer Overflow
2024-06-17 06:54:37
vulnrichment
vulnrichment
CVE-2024-35326
2024-06-13 00:00:00