Computer Security


libYAML buffer overflow
updated since 10.02.2014
Published: 31.03.2014
Source:
SecurityVulns ID: 13563
Type: library
Threat Level: 6/10
Description: Buffer overflow on oversized tag.
Affected: YAML : LibYAML 0.1
CVE: CVE-2014-2525 (Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.)
 CVE-2013-6393 (The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.)
Original document: Andrea Barisani, [oCERT-2014-003] LibYAML input sanitization errors (31.03.2014)
 DEBIAN, [SECURITY] [DSA 2885-1] libyaml-libyaml-perl security update (27.03.2014)
 DEBIAN, [SECURITY] [DSA 2884-1] libyaml security update (27.03.2014)
 UBUNTU, [USN-2098-1] LibYAML vulnerability (10.02.2014)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod