Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

CVE-2024-35325 (GCVE-0-2024-35325)

Vulnerability from cvelistv5 – Published: 2024-06-13 00:00 – Updated: 2024-08-28 15:36

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-08-28T15:36:54.609579",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-35325",
    "datePublished": "2024-06-13T00:00:00",
    "dateRejected": "2024-08-28T00:00:00",
    "dateReserved": "2024-05-17T00:00:00",
    "dateUpdated": "2024-08-28T15:36:54.609579",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35326 (GCVE-0-2024-35326)

Vulnerability from cvelistv5 – Published: 2024-06-13 00:00 – Updated: 2024-08-28 15:38

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-08-28T15:38:17.799524",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-35326",
    "datePublished": "2024-06-13T00:00:00",
    "dateRejected": "2024-08-28T00:00:00",
    "dateReserved": "2024-05-17T00:00:00",
    "dateUpdated": "2024-08-28T15:38:17.799524",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2024-35328 (GCVE-0-2024-35328)

Vulnerability from cvelistv5 – Published: 2024-06-13 00:00 – Updated: 2024-08-28 15:40

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-08-28T15:40:05.988808",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2024-35328",
    "datePublished": "2024-06-13T00:00:00",
    "dateRejected": "2024-08-28T00:00:00",
    "dateReserved": "2024-05-17T00:00:00",
    "dateUpdated": "2024-08-28T15:40:05.988808",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-14343 (GCVE-0-2020-14343)

Vulnerability from cvelistv5 – Published: 2021-02-09 00:00 – Updated: 2024-08-04 12:39

Summary

A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747.

Severity ?

No CVSS data available.

CWE

CWE-20

Assigner

redhat

References

URL

Tags

	https://github.com/yaml/pyyaml/issues/420
	https://bugzilla.redhat.com/show_bug.cgi?id=1860466
	https://www.oracle.com/security-alerts/cpuapr2022.html
	https://www.oracle.com/security-alerts/cpujul2022.html
	https://github.com/SeldonIO/seldon-core/issues/2252

Impacted products

	Vendor	Product	Version
	n/a	PyYAML	Affected: PyYAML 5.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.530Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/issues/420"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860466"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/SeldonIO/seldon-core/issues/2252"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PyYAML",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "PyYAML 5.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor. This flaw is due to an incomplete fix for CVE-2020-1747."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-06T00:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://github.com/yaml/pyyaml/issues/420"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860466"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://github.com/SeldonIO/seldon-core/issues/2252"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14343",
    "datePublished": "2021-02-09T00:00:00",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-1747 (GCVE-0-2020-1747)

Vulnerability from cvelistv5 – Published: 2020-03-24 13:56 – Updated: 2024-08-04 06:46

Summary

A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor.

Severity ?

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-20

Assigner

redhat

References

URL

Tags

	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://www.oracle.com/security-alerts/cpujul2022.html	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2…	x_refsource_CONFIRM
	https://github.com/yaml/pyyaml/pull/386	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Red Hat	PyYAML	Affected: 5.3.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:46:30.893Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "FEDORA-2020-40c35d7b37",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/"
          },
          {
            "name": "FEDORA-2020-bdb0bfa928",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/"
          },
          {
            "name": "FEDORA-2020-e9741a6a15",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/"
          },
          {
            "name": "openSUSE-SU-2020:0507",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html"
          },
          {
            "name": "openSUSE-SU-2020:0630",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html"
          },
          {
            "name": "FEDORA-2021-3342569a0f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/"
          },
          {
            "name": "FEDORA-2021-eed7193502",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/pull/386"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PyYAML",
          "vendor": "Red Hat",
          "versions": [
            {
              "status": "affected",
              "version": "5.3.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:14:43",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "FEDORA-2020-40c35d7b37",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/"
        },
        {
          "name": "FEDORA-2020-bdb0bfa928",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/"
        },
        {
          "name": "FEDORA-2020-e9741a6a15",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/"
        },
        {
          "name": "openSUSE-SU-2020:0507",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html"
        },
        {
          "name": "openSUSE-SU-2020:0630",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html"
        },
        {
          "name": "FEDORA-2021-3342569a0f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/"
        },
        {
          "name": "FEDORA-2021-eed7193502",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yaml/pyyaml/pull/386"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-1747",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PyYAML",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.3.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Red Hat"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in the PyYAML library in versions before 5.3.1, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. An attacker could use this flaw to execute arbitrary code on the system by abusing the python/object/new constructor."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "9.8/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "FEDORA-2020-40c35d7b37",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WORRFHPQVAFKKXXWLSSW6XKUYLWM6CSH/"
            },
            {
              "name": "FEDORA-2020-bdb0bfa928",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBJA3SGNJKCAYPSHOHWY3KBCWNM5NYK2/"
            },
            {
              "name": "FEDORA-2020-e9741a6a15",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K5HEPD7LEVDPCITY5IMDYWXUMX37VFMY/"
            },
            {
              "name": "openSUSE-SU-2020:0507",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00017.html"
            },
            {
              "name": "openSUSE-SU-2020:0630",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00017.html"
            },
            {
              "name": "FEDORA-2021-3342569a0f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMQXSZXNJT6ERABJZAAICI3DQSQLCP3D/"
            },
            {
              "name": "FEDORA-2021-eed7193502",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7PPAS6C4SZRDQLR7C22A5U3QOLXY33JX/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1747"
            },
            {
              "name": "https://github.com/yaml/pyyaml/pull/386",
              "refsource": "MISC",
              "url": "https://github.com/yaml/pyyaml/pull/386"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-1747",
    "datePublished": "2020-03-24T13:56:37",
    "dateReserved": "2019-11-27T00:00:00",
    "dateUpdated": "2024-08-04T06:46:30.893Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-20477 (GCVE-0-2019-20477)

Vulnerability from cvelistv5 – Published: 2020-02-19 03:09 – Updated: 2024-08-05 02:39

Summary

PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/yaml/pyyaml/blob/master/CHANGES	x_refsource_MISC
	https://www.exploit-db.com/download/47655	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T02:39:10.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/download/47655"
          },
          {
            "name": "FEDORA-2020-3162499159",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/"
          },
          {
            "name": "FEDORA-2020-e84e90dc4a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-01T00:06:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/download/47655"
        },
        {
          "name": "FEDORA-2020-3162499159",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/"
        },
        {
          "name": "FEDORA-2020-e84e90dc4a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-20477",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/yaml/pyyaml/blob/master/CHANGES",
              "refsource": "MISC",
              "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
            },
            {
              "name": "https://www.exploit-db.com/download/47655",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/download/47655"
            },
            {
              "name": "FEDORA-2020-3162499159",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/52N5XS73Z5S4ZN7I7R56ICCPCTKCUV4H/"
            },
            {
              "name": "FEDORA-2020-e84e90dc4a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/33VBUY73AA6CTTYL3LRWHNFDULV7PFPN/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-20477",
    "datePublished": "2020-02-19T03:09:21",
    "dateReserved": "2020-02-19T00:00:00",
    "dateUpdated": "2024-08-05T02:39:10.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-18342 (GCVE-0-2017-18342)

Vulnerability from cvelistv5 – Published: 2018-06-27 12:00 – Updated: 2024-08-05 21:20

Summary

In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the 'UnsafeLoader' has been introduced for backward compatibility with the function.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://github.com/yaml/pyyaml/pull/74	x_refsource_MISC
	https://github.com/yaml/pyyaml/blob/master/CHANGES	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://github.com/marshmallow-code/apispec/issues/278	x_refsource_MISC
	https://github.com/yaml/pyyaml/issues/193	x_refsource_MISC
	https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.l…	x_refsource_MISC
	https://security.gentoo.org/glsa/202003-45	vendor-advisoryx_refsource_GENTOO

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T21:20:50.850Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/pull/74"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
          },
          {
            "name": "FEDORA-2019-bed9afe622",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/"
          },
          {
            "name": "FEDORA-2019-779a9db46a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/"
          },
          {
            "name": "FEDORA-2019-44643e8bcb",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/marshmallow-code/apispec/issues/278"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/issues/193"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation"
          },
          {
            "name": "GLSA-202003-45",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-45"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2018-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the \u0027UnsafeLoader\u0027 has been introduced for backward compatibility with the function."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-19T20:06:10",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yaml/pyyaml/pull/74"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
        },
        {
          "name": "FEDORA-2019-bed9afe622",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/"
        },
        {
          "name": "FEDORA-2019-779a9db46a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/"
        },
        {
          "name": "FEDORA-2019-44643e8bcb",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/marshmallow-code/apispec/issues/278"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yaml/pyyaml/issues/193"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load%28input%29-Deprecation"
        },
        {
          "name": "GLSA-202003-45",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-45"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-18342",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PyYAML before 5.1, the yaml.load() API could execute arbitrary code if used with untrusted data. The load() function has been deprecated in version 5.1 and the \u0027UnsafeLoader\u0027 has been introduced for backward compatibility with the function."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/yaml/pyyaml/pull/74",
              "refsource": "MISC",
              "url": "https://github.com/yaml/pyyaml/pull/74"
            },
            {
              "name": "https://github.com/yaml/pyyaml/blob/master/CHANGES",
              "refsource": "MISC",
              "url": "https://github.com/yaml/pyyaml/blob/master/CHANGES"
            },
            {
              "name": "FEDORA-2019-bed9afe622",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6JCFGEIEOFMWWIXGHSELMKQDD4CV2BA/"
            },
            {
              "name": "FEDORA-2019-779a9db46a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSQQMRUQSXBSUXLCRD3TSZYQ7SEZRKCE/"
            },
            {
              "name": "FEDORA-2019-44643e8bcb",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JEX7IPV5P2QJITAMA5Z63GQCZA5I6NVZ/"
            },
            {
              "name": "https://github.com/marshmallow-code/apispec/issues/278",
              "refsource": "MISC",
              "url": "https://github.com/marshmallow-code/apispec/issues/278"
            },
            {
              "name": "https://github.com/yaml/pyyaml/issues/193",
              "refsource": "MISC",
              "url": "https://github.com/yaml/pyyaml/issues/193"
            },
            {
              "name": "https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation",
              "refsource": "MISC",
              "url": "https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation"
            },
            {
              "name": "GLSA-202003-45",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-45"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-18342",
    "datePublished": "2018-06-27T12:00:00",
    "dateReserved": "2018-06-27T00:00:00",
    "dateUpdated": "2024-08-05T21:20:50.850Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-9130 (GCVE-0-2014-9130)

Vulnerability from cvelistv5 – Published: 2014-12-08 16:00 – Updated: 2024-08-06 13:33

Summary

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/62705	third-party-advisoryx_refsource_SECUNIA
	https://bitbucket.org/xi/libyaml/commits/2b915675…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/71349	vdb-entryx_refsource_BID
	http://www.debian.org/security/2014/dsa-3102	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/62174	third-party-advisoryx_refsource_SECUNIA
	http://rhn.redhat.com/errata/RHSA-2015-0112.html	vendor-advisoryx_refsource_REDHAT
	http://www.openwall.com/lists/oss-security/2014/11/28/1	mailing-listx_refsource_MLIST
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ubuntu.com/usn/USN-2461-3	vendor-advisoryx_refsource_UBUNTU
	http://www.debian.org/security/2014/dsa-3115	vendor-advisoryx_refsource_DEBIAN
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://www.openwall.com/lists/oss-security/2014/11/29/3	mailing-listx_refsource_MLIST
	http://secunia.com/advisories/62774	third-party-advisoryx_refsource_SECUNIA
	http://www.openwall.com/lists/oss-security/2014/11/28/8	mailing-listx_refsource_MLIST
	http://rhn.redhat.com/errata/RHSA-2015-0260.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/62723	third-party-advisoryx_refsource_SECUNIA
	http://www.ubuntu.com/usn/USN-2461-1	vendor-advisoryx_refsource_UBUNTU
	https://puppet.com/security/cve/cve-2014-9130	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2461-2	vendor-advisoryx_refsource_UBUNTU
	http://secunia.com/advisories/62176	third-party-advisoryx_refsource_SECUNIA
	https://bitbucket.org/xi/libyaml/issue/10/wrapped…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.debian.org/security/2014/dsa-3103	vendor-advisoryx_refsource_DEBIAN
	http://secunia.com/advisories/60944	third-party-advisoryx_refsource_SECUNIA
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://secunia.com/advisories/62164	third-party-advisoryx_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	http://rhn.redhat.com/errata/RHSA-2015-0100.html	vendor-advisoryx_refsource_REDHAT
	http://linux.oracle.com/errata/ELSA-2015-0100.html	x_refsource_CONFIRM
	http://secunia.com/advisories/59947	third-party-advisoryx_refsource_SECUNIA
	http://advisories.mageia.org/MGASA-2014-0508.html	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:33:13.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "62705",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62705"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
          },
          {
            "name": "71349",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/71349"
          },
          {
            "name": "DSA-3102",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3102"
          },
          {
            "name": "62174",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62174"
          },
          {
            "name": "RHSA-2015:0112",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
          },
          {
            "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
          },
          {
            "name": "MDVSA-2015:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
          },
          {
            "name": "USN-2461-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2461-3"
          },
          {
            "name": "DSA-3115",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3115"
          },
          {
            "name": "openSUSE-SU-2015:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
          },
          {
            "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
          },
          {
            "name": "62774",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62774"
          },
          {
            "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
          },
          {
            "name": "RHSA-2015:0260",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
          },
          {
            "name": "62723",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62723"
          },
          {
            "name": "USN-2461-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2461-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2014-9130"
          },
          {
            "name": "USN-2461-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2461-2"
          },
          {
            "name": "62176",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62176"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
          },
          {
            "name": "MDVSA-2014:242",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
          },
          {
            "name": "DSA-3103",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-3103"
          },
          {
            "name": "60944",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/60944"
          },
          {
            "name": "openSUSE-SU-2016:1067",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
          },
          {
            "name": "62164",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/62164"
          },
          {
            "name": "libyaml-cve20149130-dos(99047)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
          },
          {
            "name": "RHSA-2015:0100",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
          },
          {
            "name": "59947",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/59947"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-11-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "62705",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62705"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
        },
        {
          "name": "71349",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/71349"
        },
        {
          "name": "DSA-3102",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3102"
        },
        {
          "name": "62174",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62174"
        },
        {
          "name": "RHSA-2015:0112",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
        },
        {
          "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
        },
        {
          "name": "MDVSA-2015:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
        },
        {
          "name": "USN-2461-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2461-3"
        },
        {
          "name": "DSA-3115",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3115"
        },
        {
          "name": "openSUSE-SU-2015:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
        },
        {
          "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
        },
        {
          "name": "62774",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62774"
        },
        {
          "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
        },
        {
          "name": "RHSA-2015:0260",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
        },
        {
          "name": "62723",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62723"
        },
        {
          "name": "USN-2461-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2461-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2014-9130"
        },
        {
          "name": "USN-2461-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2461-2"
        },
        {
          "name": "62176",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62176"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
        },
        {
          "name": "MDVSA-2014:242",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
        },
        {
          "name": "DSA-3103",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-3103"
        },
        {
          "name": "60944",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/60944"
        },
        {
          "name": "openSUSE-SU-2016:1067",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
        },
        {
          "name": "62164",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/62164"
        },
        {
          "name": "libyaml-cve20149130-dos(99047)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
        },
        {
          "name": "RHSA-2015:0100",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
        },
        {
          "name": "59947",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/59947"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-9130",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "62705",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62705"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2"
            },
            {
              "name": "71349",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/71349"
            },
            {
              "name": "DSA-3102",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3102"
            },
            {
              "name": "62174",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62174"
            },
            {
              "name": "RHSA-2015:0112",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0112.html"
            },
            {
              "name": "[oss-security] 20141128 libyaml / YAML-LibYAML DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/28/1"
            },
            {
              "name": "MDVSA-2015:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
            },
            {
              "name": "USN-2461-3",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2461-3"
            },
            {
              "name": "DSA-3115",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3115"
            },
            {
              "name": "openSUSE-SU-2015:0319",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
            },
            {
              "name": "[oss-security] 20141129 Re: Re: libyaml / YAML-LibYAML DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/29/3"
            },
            {
              "name": "62774",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62774"
            },
            {
              "name": "[oss-security] 20141128 Re: libyaml / YAML-LibYAML DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2014/11/28/8"
            },
            {
              "name": "RHSA-2015:0260",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0260.html"
            },
            {
              "name": "62723",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62723"
            },
            {
              "name": "USN-2461-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2461-1"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2014-9130",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2014-9130"
            },
            {
              "name": "USN-2461-2",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2461-2"
            },
            {
              "name": "62176",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62176"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure",
              "refsource": "MISC",
              "url": "https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure"
            },
            {
              "name": "MDVSA-2014:242",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2014:242"
            },
            {
              "name": "DSA-3103",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-3103"
            },
            {
              "name": "60944",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/60944"
            },
            {
              "name": "openSUSE-SU-2016:1067",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
            },
            {
              "name": "62164",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/62164"
            },
            {
              "name": "libyaml-cve20149130-dos(99047)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/99047"
            },
            {
              "name": "RHSA-2015:0100",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0100.html"
            },
            {
              "name": "http://linux.oracle.com/errata/ELSA-2015-0100.html",
              "refsource": "CONFIRM",
              "url": "http://linux.oracle.com/errata/ELSA-2015-0100.html"
            },
            {
              "name": "59947",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/59947"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0508.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0508.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-9130",
    "datePublished": "2014-12-08T16:00:00",
    "dateReserved": "2014-11-28T00:00:00",
    "dateUpdated": "2024-08-06T13:33:13.456Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2014-2525 (GCVE-0-2014-2525)

Vulnerability from cvelistv5 – Published: 2014-03-28 15:00 – Updated: 2024-08-06 10:14

Summary

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	http://www.securityfocus.com/bid/66478	vdb-entryx_refsource_BID
	http://secunia.com/advisories/57836	third-party-advisoryx_refsource_SECUNIA
	https://puppet.com/security/cve/cve-2014-2525	x_refsource_CONFIRM
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.ocert.org/advisories/ocert-2014-003.html	x_refsource_MISC
	http://www.debian.org/security/2014/dsa-2885	vendor-advisoryx_refsource_DEBIAN
	http://www.ubuntu.com/usn/USN-2160-1	vendor-advisoryx_refsource_UBUNTU
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-0355.html	vendor-advisoryx_refsource_REDHAT
	http://www.debian.org/security/2014/dsa-2884	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2014-0354.html	vendor-advisoryx_refsource_REDHAT
	http://www.getchef.com/blog/2014/04/09/chef-serve…	x_refsource_CONFIRM
	https://bitbucket.org/xi/libyaml/commits/bce8b60f…	x_refsource_CONFIRM
	http://advisories.mageia.org/MGASA-2014-0150.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://support.apple.com/kb/HT6443	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-0353.html	vendor-advisoryx_refsource_REDHAT
	http://secunia.com/advisories/57968	third-party-advisoryx_refsource_SECUNIA
	http://www.getchef.com/blog/2014/04/09/enterprise…	x_refsource_CONFIRM
	http://www.getchef.com/blog/2014/04/09/enterprise…	x_refsource_CONFIRM
	http://secunia.com/advisories/57966	third-party-advisoryx_refsource_SECUNIA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T10:14:26.613Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "66478",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/66478"
          },
          {
            "name": "57836",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57836"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2014-2525"
          },
          {
            "name": "MDVSA-2015:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
          },
          {
            "name": "DSA-2885",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2885"
          },
          {
            "name": "USN-2160-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2160-1"
          },
          {
            "name": "openSUSE-SU-2015:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
          },
          {
            "name": "RHSA-2014:0355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
          },
          {
            "name": "DSA-2884",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2884"
          },
          {
            "name": "RHSA-2014:0354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
          },
          {
            "name": "openSUSE-SU-2014:0500",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT6443"
          },
          {
            "name": "openSUSE-SU-2016:1067",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
          },
          {
            "name": "RHSA-2014:0353",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
          },
          {
            "name": "57968",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57968"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
          },
          {
            "name": "57966",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/57966"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-03-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "66478",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/66478"
        },
        {
          "name": "57836",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57836"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2014-2525"
        },
        {
          "name": "MDVSA-2015:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
        },
        {
          "name": "DSA-2885",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2885"
        },
        {
          "name": "USN-2160-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2160-1"
        },
        {
          "name": "openSUSE-SU-2015:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
        },
        {
          "name": "RHSA-2014:0355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
        },
        {
          "name": "DSA-2884",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2884"
        },
        {
          "name": "RHSA-2014:0354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
        },
        {
          "name": "openSUSE-SU-2014:0500",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT6443"
        },
        {
          "name": "openSUSE-SU-2016:1067",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
        },
        {
          "name": "RHSA-2014:0353",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
        },
        {
          "name": "57968",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57968"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
        },
        {
          "name": "57966",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/57966"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-2525",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "66478",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/66478"
            },
            {
              "name": "57836",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57836"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2014-2525",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2014-2525"
            },
            {
              "name": "MDVSA-2015:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
            },
            {
              "name": "http://www.ocert.org/advisories/ocert-2014-003.html",
              "refsource": "MISC",
              "url": "http://www.ocert.org/advisories/ocert-2014-003.html"
            },
            {
              "name": "DSA-2885",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2885"
            },
            {
              "name": "USN-2160-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2160-1"
            },
            {
              "name": "openSUSE-SU-2015:0319",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
            },
            {
              "name": "RHSA-2014:0355",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
            },
            {
              "name": "DSA-2884",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2884"
            },
            {
              "name": "RHSA-2014:0354",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0150.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0150.html"
            },
            {
              "name": "openSUSE-SU-2014:0500",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"
            },
            {
              "name": "http://support.apple.com/kb/HT6443",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT6443"
            },
            {
              "name": "openSUSE-SU-2016:1067",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
            },
            {
              "name": "RHSA-2014:0353",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
            },
            {
              "name": "57968",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57968"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"
            },
            {
              "name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/",
              "refsource": "CONFIRM",
              "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"
            },
            {
              "name": "57966",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/57966"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-2525",
    "datePublished": "2014-03-28T15:00:00",
    "dateReserved": "2014-03-17T00:00:00",
    "dateUpdated": "2024-08-06T10:14:26.613Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2013-6393 (GCVE-0-2013-6393)

Vulnerability from cvelistv5 – Published: 2014-02-06 22:00 – Updated: 2024-08-06 17:39

Summary

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

redhat

References

URL

Tags

	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2014/dsa-2870	vendor-advisoryx_refsource_DEBIAN
	http://archives.neohapsis.com/archives/bugtraq/20…	vendor-advisoryx_refsource_APPLE
	https://bugzilla.redhat.com/show_bug.cgi?id=1033990	x_refsource_CONFIRM
	http://archives.neohapsis.com/archives/bugtraq/20…	vendor-advisoryx_refsource_APPLE
	http://osvdb.org/102716	vdb-entryx_refsource_OSVDB
	https://bugzilla.redhat.com/attachment.cgi?id=847…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/65258	vdb-entryx_refsource_BID
	http://advisories.mageia.org/MGASA-2014-0040.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-0355.html	vendor-advisoryx_refsource_REDHAT
	http://lists.opensuse.org/opensuse-updates/2014-0…	vendor-advisoryx_refsource_SUSE
	http://rhn.redhat.com/errata/RHSA-2014-0354.html	vendor-advisoryx_refsource_REDHAT
	https://support.apple.com/kb/HT6536	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2016-0…	vendor-advisoryx_refsource_SUSE
	http://www.debian.org/security/2014/dsa-2850	vendor-advisoryx_refsource_DEBIAN
	http://rhn.redhat.com/errata/RHSA-2014-0353.html	vendor-advisoryx_refsource_REDHAT
	https://bitbucket.org/xi/libyaml/commits/tag/0.1.5	x_refsource_CONFIRM
	https://puppet.com/security/cve/cve-2013-6393	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2098-1	vendor-advisoryx_refsource_UBUNTU

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:39:01.258Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2014:0273",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
          },
          {
            "name": "DSA-2870",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2870"
          },
          {
            "name": "APPLE-SA-2014-10-16-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
          },
          {
            "name": "APPLE-SA-2014-04-22-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
          },
          {
            "name": "102716",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/102716"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
          },
          {
            "name": "MDVSA-2015:060",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
          },
          {
            "name": "65258",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/65258"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
          },
          {
            "name": "openSUSE-SU-2015:0319",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
          },
          {
            "name": "RHSA-2014:0355",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
          },
          {
            "name": "openSUSE-SU-2014:0272",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
          },
          {
            "name": "RHSA-2014:0354",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT6536"
          },
          {
            "name": "openSUSE-SU-2016:1067",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
          },
          {
            "name": "DSA-2850",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2014/dsa-2850"
          },
          {
            "name": "RHSA-2014:0353",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://puppet.com/security/cve/cve-2013-6393"
          },
          {
            "name": "USN-2098-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2098-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-11-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-12-08T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "openSUSE-SU-2014:0273",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
        },
        {
          "name": "DSA-2870",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2870"
        },
        {
          "name": "APPLE-SA-2014-10-16-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
        },
        {
          "name": "APPLE-SA-2014-04-22-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
        },
        {
          "name": "102716",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/102716"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
        },
        {
          "name": "MDVSA-2015:060",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
        },
        {
          "name": "65258",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/65258"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
        },
        {
          "name": "openSUSE-SU-2015:0319",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
        },
        {
          "name": "RHSA-2014:0355",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
        },
        {
          "name": "openSUSE-SU-2014:0272",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
        },
        {
          "name": "RHSA-2014:0354",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT6536"
        },
        {
          "name": "openSUSE-SU-2016:1067",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
        },
        {
          "name": "DSA-2850",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2014/dsa-2850"
        },
        {
          "name": "RHSA-2014:0353",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://puppet.com/security/cve/cve-2013-6393"
        },
        {
          "name": "USN-2098-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2098-1"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-6393",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2014:0273",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"
            },
            {
              "name": "DSA-2870",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2870"
            },
            {
              "name": "APPLE-SA-2014-10-16-3",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"
            },
            {
              "name": "APPLE-SA-2014-04-22-1",
              "refsource": "APPLE",
              "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"
            },
            {
              "name": "102716",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/102716"
            },
            {
              "name": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926\u0026action=diff"
            },
            {
              "name": "MDVSA-2015:060",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"
            },
            {
              "name": "65258",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/65258"
            },
            {
              "name": "http://advisories.mageia.org/MGASA-2014-0040.html",
              "refsource": "CONFIRM",
              "url": "http://advisories.mageia.org/MGASA-2014-0040.html"
            },
            {
              "name": "openSUSE-SU-2015:0319",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"
            },
            {
              "name": "RHSA-2014:0355",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"
            },
            {
              "name": "openSUSE-SU-2014:0272",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"
            },
            {
              "name": "RHSA-2014:0354",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"
            },
            {
              "name": "https://support.apple.com/kb/HT6536",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT6536"
            },
            {
              "name": "openSUSE-SU-2016:1067",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"
            },
            {
              "name": "DSA-2850",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2014/dsa-2850"
            },
            {
              "name": "RHSA-2014:0353",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"
            },
            {
              "name": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5",
              "refsource": "CONFIRM",
              "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"
            },
            {
              "name": "https://puppet.com/security/cve/cve-2013-6393",
              "refsource": "CONFIRM",
              "url": "https://puppet.com/security/cve/cve-2013-6393"
            },
            {
              "name": "USN-2098-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2098-1"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-6393",
    "datePublished": "2014-02-06T22:00:00",
    "dateReserved": "2013-11-04T00:00:00",
    "dateUpdated": "2024-08-06T17:39:01.258Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

10 vulnerabilities by pyyaml

CVE-2024-35325 (GCVE-0-2024-35325)

CVE-2024-35326 (GCVE-0-2024-35326)

CVE-2024-35328 (GCVE-0-2024-35328)

CVE-2020-14343 (GCVE-0-2020-14343)

CVE-2020-1747 (GCVE-0-2020-1747)

CVE-2019-20477 (GCVE-0-2019-20477)

CVE-2017-18342 (GCVE-0-2017-18342)

CVE-2014-9130 (GCVE-0-2014-9130)

CVE-2014-2525 (GCVE-0-2014-2525)

CVE-2013-6393 (GCVE-0-2013-6393)