CVE-2018-20573

Опубликовано: 28 дек. 2018

Источник: debian

EPSS Низкий

Описание

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
yaml-cpp	fixed	0.6.3-1		package
yaml-cpp	no-dsa		buster	package
yaml-cpp	no-dsa		stretch	package
yaml-cpp	postponed		jessie	package
yaml-cpp0.3	removed			package
yaml-cpp0.3	no-dsa		stretch	package
yaml-cpp0.3	postponed		jessie	package

Примечания

https://github.com/jbeder/yaml-cpp/issues/655

EPSS

Процентиль: 75%

0.00891

Низкий

Связанные уязвимости

CVE-2018-20573

CVSS3: 6.5

ubuntu

около 7 лет назад

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVE-2018-20573

CVSS3: 3.7

redhat

около 7 лет назад

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVE-2018-20573

CVSS3: 6.5

nvd

около 7 лет назад

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVE-2018-20573

CVSS3: 6.5

msrc

больше 5 лет назад

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

GHSA-wff4-h782-3qx9

CVSS3: 6.5

github

больше 3 лет назад

The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

EPSS

Процентиль: 75%

0.00891

Низкий