exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 11 of 11 RSS Feed

CVE-2014-9130

Status Candidate

Overview

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Related Files

Mandriva Linux Security Advisory 2015-060
Posted Mar 16, 2015
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2015-060 - Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

tags | advisory, remote, overflow, arbitrary
systems | linux, redhat, mandriva
advisories | CVE-2013-6393, CVE-2014-2525, CVE-2014-9130
SHA-256 | 56470a30e5f6b760649df63508ee009d83bf4056c3e840432b96b2d9ef9768bb
Red Hat Security Advisory 2015-0260-01
Posted Feb 24, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0260-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9130
SHA-256 | 792f9e6798b5e25740435a9e04fbf407a18a4febd6f6f49612ad6f8f36b8e4f4
Red Hat Security Advisory 2015-0112-01
Posted Feb 2, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0112-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9130
SHA-256 | e7e47fedd99a2e7ae8058064043acac9bb0a9789eccc788ad6f1782ad6ec2f6c
Red Hat Security Advisory 2015-0100-01
Posted Jan 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-0100-01 - YAML is a data serialization format designed for human readability and interaction with scripting languages. LibYAML is a YAML parser and emitter written in C. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. All libyaml users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue. All running applications linked against the libyaml library must be restarted for this update to take effect.

tags | advisory
systems | linux, redhat
advisories | CVE-2014-9130
SHA-256 | f99e14e79ad38221edda7624248f82e2ac3c99c67404e44d0ef285df877f138d
Ubuntu Security Notice USN-2461-3
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-3 - Stanislaw Pitucha and Jonathan Gray discovered that PyYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9130
SHA-256 | 94388bafb691cbdc91477eab2a842c6ff957d642eb82cd9053ce4d95dff49efc
Ubuntu Security Notice USN-2461-1
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-1 - Stanislaw Pitucha and Jonathan Gray discovered that LibYAML did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service
systems | linux, ubuntu
advisories | CVE-2014-9130
SHA-256 | 1912ea1c0b403d856ee57fee50e164735f11c6866145ffe051d0d6582aa36d54
Ubuntu Security Notice USN-2461-2
Posted Jan 13, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2461-2 - Stanislaw Pitucha and Jonathan Gray discovered that libyaml-libyaml-perl did not properly handle wrapped strings. An attacker could create specially crafted YAML data to trigger an assert, causing a denial of service.

tags | advisory, denial of service, perl
systems | linux, ubuntu
advisories | CVE-2014-9130
SHA-256 | 191712b310456bed505292d7ad3776e02d33b05d362fa3e709ea54c23a287610
Debian Security Advisory 3115-1
Posted Dec 31, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3115-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash.

tags | advisory, python
systems | linux, debian
advisories | CVE-2014-9130
SHA-256 | 49ad22f3dd836f0d44e1d28a7e4a30bff012d8ec8e5bbb52b850fe99bc1e870b
Mandriva Linux Security Advisory 2014-242
Posted Dec 15, 2014
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2014-242 - An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. The perl-YAML-LibYAML package is also affected, as it was derived from the same code. Both have been patched to fix this issue.

tags | advisory, perl
systems | linux, mandriva
advisories | CVE-2014-9130
SHA-256 | 1a8807c1c97e97b6cf8af38ad94c0f12afed0808ef6f0169b73e64b3b4d7a808
Debian Security Advisory 3103-1
Posted Dec 14, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3103-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

tags | advisory
systems | linux, debian
advisories | CVE-2014-9130
SHA-256 | a1ddf6c50b16ffa24a96002cafff871f602e1595d5aafacc8d319fc27d8cbab0
Debian Security Advisory 3102-1
Posted Dec 14, 2014
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3102-1 - Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

tags | advisory
systems | linux, debian
advisories | CVE-2014-9130
SHA-256 | c1980d775778424421c5584e68774bb782a7e149bd23a685210320f6c9af1dde
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close