Описание
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | mingw-libyaml | Not affected | ||
| Red Hat Enterprise MRG 1 | libyaml | Will not fix | ||
| Red Hat Enterprise MRG 2 | libyaml | Will not fix | ||
| Red Hat JBoss Enterprise Web Server 1 | inktank-1.2-libyaml | Not affected | ||
| Red Hat Satellite 5.3 | libyaml | Will not fix | ||
| Red Hat Satellite 5.4 | libyaml | Will not fix | ||
| Red Hat Satellite 5.5 | libyaml | Will not fix | ||
| Red Hat Satellite 5.6 | libyaml | Fix deferred | ||
| Red Hat Satellite 5.7 | libyaml | Fix deferred | ||
| Red Hat Satellite 6 | libyaml | Fix deferred |
Показывать по
Дополнительная информация
Статус:
4.3 Medium
CVSS2
Связанные уязвимости
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...
4.3 Medium
CVSS2