CVE-2013-6393
published 2014-02-06
medium 6.8 CVSS 3.1
AV:N/AC:M/Au:N/C:P/I:P/A:P
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | libyaml | < libyaml 0.1.4-3 (bookworm) | libyaml 0.1.4-3 (bookworm) |
| debian | libyaml-libyaml-perl | < libyaml 0.1.4-3 (bookworm) | libyaml 0.1.4-3 (bookworm) |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| pyyaml | libyaml | <= 0.1.4 | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | >= 0 < 0.1.4-3 | 0.1.4-3 |
| pyyaml | libyaml | >= 0 < 0.1.4-3 | 0.1.4-3 |
| pyyaml | libyaml | >= 0 < 0.1.4-3 | 0.1.4-3 |
| pyyaml | libyaml | >= 0 < 0.1.4-3 | 0.1.4-3 |
| pyyaml | libyaml | >= 0 < 0.2.3 | 0.2.3 |
| redhat | openstack | — | — |
| redhat | openstack | — | — |
CVSS provenance
nvd 6.8 MEDIUM AV:N/AC:M/Au:N/C:P/I:P/A:P
osv 6.8 MEDIUM