PT-2014-8840 · None+5 · Libyaml+5

Published

2014-12-05

Updated

2024-06-15

CVE-2014-9130

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions LibYAML versions 0.1.5 through 0.1.6

Description The issue allows context-dependent attackers to cause a denial of service, resulting in an assertion failure and crash. This can be achieved through vectors involving line-wrapping.

Recommendations For LibYAML versions 0.1.5 and 0.1.6, consider updating to a newer version to mitigate the risk, however, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALT-PU-2016-2012

CESA-2015_0100

CVE-2014-9130

DLA-109-1

DLA-110-1

DLA-127-1

DSA-3102-1

DSA-3103-1

DSA-3115-1

MGASA-2014-0508

MGASA-2015-0004

OPENSUSE-SU-2024:10029-1

OPENSUSE-SU-2024:10520-1

RHSA-2015:0100

RHSA-2015:0112

RHSA-2015:0260

RHSA-2015_0100

SUSE-RU-2015:0611-1

SUSE-SU-2014_1699-3

SUSE-SU-2015:0699-1

SUSE-SU-2015:0925-1

SUSE-SU-2015:0925-2

SUSE-SU-2015:0953-1

SUSE-SU-2015:0953-2

SUSE-SU-2015_0013-1

SUSE-SU-2015_0925-1

USN-2461-1

USN-2461-2

USN-2461-3

Affected Products

Alt Linux

Centos

Libyaml

Red Hat

Suse

Ubuntu

PT-2014-8840 · None+5 · Libyaml+5

CVE-2014-9130

Weakness Enumeration

Related Identifiers

Affected Products

References · 96