Description
A flaw was found in the libyaml library. Setting a YAML string with the yaml_parser_set_input_string function to be parsed by the yaml_parser_parse function can cause an infinite loop, resulting in a denial of service in the application linked to the library.
Mitigation
Applications that do not parse YAML files or strings from untrusted sources are not affected by this vulnerability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | libyaml | Not affected | | |
| Red Hat Enterprise Linux 10 | python-ruamel-yaml-clib | Not affected | | |
| Red Hat Enterprise Linux 6 | libyaml | Not affected | | |
| Red Hat Enterprise Linux 7 | libyaml | Not affected | | |
| Red Hat Enterprise Linux 8 | libyaml | Not affected | | |
| Red Hat Enterprise Linux 8 | perl-YAML-LibYAML | Not affected | | |
| Red Hat Enterprise Linux 9 | libyaml | Not affected | | |
| Red Hat Enterprise Linux 9 | python-ruamel-yaml-clib | Not affected | | |
Additional information
Status:
7.5 High
CVSS3
Related vulnerabilities
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.
7.5 High
CVSS3