CVE-2014-2525

Published: 28/03/2014 Updated: 30/10/2018
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML prior to 0.1.6 allows context-dependent malicious users to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Vulnerable Product

pyyaml libyaml 0.1.3

pyyaml libyaml 0.1.2

pyyaml libyaml

pyyaml libyaml 0.1.4

pyyaml libyaml 0.1.1

pyyaml libyaml 0.0.1

opensuse opensuse 13.2

opensuse opensuse 13.1

opensuse leap 42.1

Vendor Advisories

Debian Bug report logs - #742732 libyaml: CVE-2014-2525: input sanitization errors. Package: libyaml; Maintainer for libyaml is Anders Kaseorg <andersk@mit.edu>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 26 Mar 2014 19:03:01 UTC; Severity: grave; Tags: fixed-upstream, patch, security, upstream Fo ...
LibYAML could be made to crash or run programs if it opened a specially crafted YAML document ...
libyaml-libyaml-perl could be made to crash or run programs if it opened a specially crafted YAML file ...
Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with ...
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. Heap-based buffer overflow in the yaml_parser_scan ...
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file ...