CVE-2014-9130

Published: 08/12/2014 Updated: 09/12/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Vulnerability Summary

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent malicious users to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Vulnerable Product

pyyaml libyaml 0.1.6

pyyaml libyaml 0.1.5

Vendor Advisories

Debian Bug report logs - #771365 libyaml-libyaml-perl: CVE-2014-9130: Wrapped strings cause assert failure. Package: src:libyaml-libyaml-perl; Maintainer for src:libyaml-libyaml-perl is Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 28 ...
Synopsis: Moderate: libyaml security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux 6 and 7. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scori ...
Synopsis: Moderate: libyaml security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libyaml packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Moderate security impact. A Common Vulnerability Scoring ...
Synopsis: Moderate: libyaml security update. Type/Severity: Security Advisory: Moderate. Topic: Updated libyaml packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 4.0 and 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having ...
Applications using PyYAML could be made to crash if they received specially crafted input ...
Applications using libyaml-libyaml-perl could be made to crash if they received specially crafted input ...
Applications using LibYAML could be made to crash if they received specially crafted input ...
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. For the stable distribution (wheezy), this problem has been fixed i ...
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and emitter library. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This update corrects this flaw in the copy that is embedded in the ...
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. (CVE-2014-9130) ...
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash ...

References

CWE-20
http://www.openwall.com/lists/oss-security/2014/11/29/3
http://www.openwall.com/lists/oss-security/2014/11/28/8
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
http://www.securityfocus.com/bid/71349
http://secunia.com/advisories/59947
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
http://secunia.com/advisories/60944
http://www.openwall.com/lists/oss-security/2014/11/28/1
http://linux.oracle.com/errata/ELSA-2015-0100.html
http://secunia.com/advisories/62723
http://secunia.com/advisories/62705
http://secunia.com/advisories/62774
http://www.ubuntu.com/usn/USN-2461-2
http://www.ubuntu.com/usn/USN-2461-3
http://www.ubuntu.com/usn/USN-2461-1
http://rhn.redhat.com/errata/RHSA-2015-0100.html
http://www.debian.org/security/2014/dsa-3103
http://rhn.redhat.com/errata/RHSA-2015-0112.html
http://www.debian.org/security/2014/dsa-3102
http://www.debian.org/security/2014/dsa-3115
http://rhn.redhat.com/errata/RHSA-2015-0260.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
http://advisories.mageia.org/MGASA-2014-0508.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://secunia.com/advisories/62176
http://secunia.com/advisories/62174
http://secunia.com/advisories/62164
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
https://puppet.com/security/cve/cve-2014-9130
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771365
https://nvd.nist.gov
https://usn.ubuntu.com/2461-3/