CVE-2014-2525

Name of the Vulnerable Software and Affected Versions LibYAML versions prior to 0.1.6

Description The issue is related to a heap-based buffer overflow in the yaml parser scan uri escapes function. This allows attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. The vulnerability can be exploited remotely and may lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations For LibYAML versions prior to 0.1.6, update to version 0.1.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of YAML files with long sequences of percent-encoded characters in URIs until a patch is applied. Avoid using the yaml parser scan uri escapes function with untrusted input until the issue is resolved.