PT-2025-39506 · Crates.Io · Libyaml
Published 2025-09-15 · Updated 2025-09-15
CVSS v4.0: 8.7 High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N |
In version 0.0.4, libyml::string::yaml_string_extend was revised, resulting in undefined behaviour, which is unsound. The GitHub project for libyml was archived after unsoundness issues were raised. If you rely on this crate, it is highly recommended to switch to a maintained alternative.
Recommended alternatives
- libyaml-safer
- unsafe-libyaml-norway - Maintained fork of unsafe-libyaml
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Libyaml