libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the
function yaml_parser_parse of the file /src/libyaml/src/parser.c.
Notes

| Author | Note |
|---|---|
| jdstrand | golang-goyaml is a Go translation of libyaml and shouldn’t share implementation flaws, but may share design flaws |
| mdeslaur | There are no details about a fix for this vulnerability or a comment from the upstream developers as of 2024-06-19, but like the other CVEs from the same reporter this is likely a misuse of the API and the CVE will likely get rejected. Marking as deferred for now to make sure. |