Lucene search
Ubuntu.comUB:CVE-2024-35328HistoryJun 13, 2024 - 12:00 a.m.
CVE-2024-35328
2024-06-1300:00:00
ubuntu.com
ubuntu.com
2
libyaml vulnerability
ddos
yaml_parser_parse
implementation flaws
design flaws
libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the
function yaml_parser_parse of the file /src/libyaml/src/parser.c.
Notes
| Author | Note |
|---|---|
| jdstrand | golang-goyaml is a go translation of libyaml and shouldn’t share implementation flaws, but may share design flaws |
| mdeslaur | There are no details about a fix for this vulnerability or a comment from the upstream developers as of 2024-06-19, but like the other CVEs from the same reporter this is likely a misuse of the API and the CVE will likely get rejected. Marking as deferred for now to make sure. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 16.04 | noarch | golang-goyaml | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 23.10 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 24.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 16.04 | noarch | golang-yaml.v2 | < any | UNKNOWN |
| ubuntu | 18.04 | noarch | libyaml | < any | UNKNOWN |
| ubuntu | 20.04 | noarch | libyaml | < any | UNKNOWN |
| ubuntu | 22.04 | noarch | libyaml | < any | UNKNOWN |
Related
vulnrichment
vulnrichment
CVE-2024-35328
2024-06-13 00:00:00
cve
cve
CVE-2024-35328
2024-06-13 16:15:11
redhatcve
redhatcve
CVE-2024-35328
2024-06-14 05:12:23
nvd
nvd
CVE-2024-35328
2024-06-13 16:15:11
veracode
veracode
Infinite Loop
2024-06-17 06:56:13
cvelist
cvelist
CVE-2024-35328
2024-06-13 00:00:00