PT-2014-1788 · Libyaml+3 · Libyaml+3

Florian Weimer

Publicado

2014-02-06

Atualizado

2024-06-15

CVE-2013-6393

CVSS v2.0

6.8

Média

Vetor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions LibYAML versions prior to 0.1.5

Description The issue is related to an incorrect cast in the yaml parser scan tag uri function, which can lead to a denial of service (application crash) and possibly allow remote attackers to execute arbitrary code via crafted tags in a YAML document, triggering a heap-based buffer overflow. Multiple vulnerabilities in the libyaml package may compromise the confidentiality, integrity, and availability of protected information, and exploitation can be done remotely.

Recommendations

Update to version 0.1.5 or later, which includes a fix for the heap-based buffer overflow vulnerability.
For versions 0.2.2 and earlier that depend on native libyaml version 0.1.5 or earlier, update to version 0.2.3 that includes a version of LibYAML with the fix.

Correção

DoS

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119

Identificadores relacionados

ALT-PU-2014-1162

BDU:2015-04120

CESA-2014_0355

CVE-2013-6393

DSA-2850-1

DSA-2870-1

GHSA-M75H-CGHQ-C8H5

MGASA-2014-0040

MGASA-2014-0154

OPENSUSE-SU-2024:10029-1

OPENSUSE-SU-2024:10520-1

RHSA-2014:0353

RHSA-2014:0354

RHSA-2014:0355

RHSA-2014:0364

RHSA-2014:0415

SUSE-SU-2015:0953-1

SUSE-SU-2015:0953-2

SUSE-SU-2015_0953-1

SUSE-SU-2015_0953-2

Produtos afetados

Alt Linux

Centos

Libyaml

Suse

PT-2014-1788 · Libyaml+3 · Libyaml+3

CVE-2013-6393

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 74