CVE-2024-35328

CVE-2024-35328

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVE-2024-35328

A flaw was found in the libyaml library. Setting a YAML string with the yaml_parser_set_input_string function to be parsed by the yaml_parser_parse function can cause an infinite loop, resulting in a denial of service in the application linked to the library.

GHSA-pwfh-2pj9-f3rc

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.