CVE-2012-1152

Name of the Vulnerable Software and Affected Versions YAML::LibYAML module version 0.38

Description The issue concerns multiple format string vulnerabilities in the error reporting functionality of the YAML::LibYAML module. These vulnerabilities allow remote attackers to cause a denial of service, resulting in a process crash. The vulnerabilities can be exploited through format string specifiers in various YAML elements, including a YAML stream to the Load function, a YAML node to the load node function, a YAML mapping to the load mapping function, or a YAML sequence to the load sequence function.

Recommendations For YAML::LibYAML module version 0.38, consider updating to a newer version that addresses these vulnerabilities. As a temporary workaround, restrict the use of the Load, load node, load mapping, and load sequence functions to minimize the risk of exploitation. Avoid using format string specifiers in YAML streams, nodes, mappings, and sequences until the issue is resolved.