PT-2025-39506 · Crates.Io · Libyaml
Publicado
2025-09-15
·
Atualizado
2025-09-15
CVSS v4.0
8.7
Alta
| Vetor | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
In version 0.0.4,
libyml::string::yaml string extend was revised resulting in undefined behaviour, which is unsound.The GitHub project for
libyml was archived after unsoundness issues were raised.If you rely on this crate, it is highly recommended switching to a maintained alternative.
Recommended alternatives
libyaml-saferunsafe-libyaml-norway- Maintained fork ofunsafe-libyaml
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Libyaml