PT-2017-12181 · Yaml Cpp+2 · Yaml-Cpp+2
Zhouatop
·
Publicado
2017-07-28
·
Atualizado
2025-11-14
·
CVE-2017-11692
CVSS v3.1
7.5
Alta
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
yaml-cpp versions 0.5.3 and earlier
Description
The issue allows remote attackers to cause a denial of service, resulting in an assertion failure and application exit. This is achieved by providing a specific string, '!2', which exploits the
Token& Scanner::peek function in scanner.cpp.Recommendations
For yaml-cpp versions 0.5.3 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, restrict the input to the
Token& Scanner::peek function to prevent the '!2' string from being processed.Exploit
Correção
DoS
Assertion Failure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Astra Linux
Yaml-Cpp