Описание
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
Отчет
This issue affects the versions of rh-mongodb32-yaml-cpp, rh-mongodb34-yaml-cpp, and rh-mongodb36-yaml-cpp as shipped with Red Hat Software Collections. However, this is only used to parse configuration files. Red Hat Satellite 6.5 ship yaml-cpp however has been rated as a security impact of Low, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat OpenStack Platform 10 (Newton) | yaml-cpp | Fix deferred | ||
| Red Hat OpenStack Platform 13 (Queens) | yaml-cpp | Fix deferred | ||
| Red Hat OpenStack Platform 14 (Rocky) | yaml-cpp | Affected | ||
| Red Hat OpenStack Platform 8 (Liberty) | yaml-cpp | Fix deferred | ||
| Red Hat OpenStack Platform 9 (Mitaka) | yaml-cpp | Fix deferred | ||
| Red Hat Satellite 6 | yaml-cpp | Will not fix | ||
| Red Hat Software Collections | rh-mongodb32-yaml-cpp | Will not fix | ||
| Red Hat Software Collections | rh-mongodb34-yaml-cpp | Will not fix | ||
| Red Hat Software Collections | rh-mongodb36-yaml-cpp | Will not fix |
Показывать по
Дополнительная информация
Статус:
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap HandleMap HandleFlowSequence HandleSequence HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYam ...
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.
5.3 Medium
CVSS3