CVE-2014-2525
Published 2014-03-28
Priority: P3 · 41 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 9.19% (94.7th percentile)
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libyaml | < libyaml 0.1.4-3.2 (bookworm) | libyaml 0.1.4-3.2 (bookworm) |
| debian | libyaml-libyaml-perl | < libyaml 0.1.4-3.2 (bookworm) | libyaml 0.1.4-3.2 (bookworm) |
| opensuse | leap | — | — |
| opensuse | opensuse | — | — |
| opensuse | opensuse | — | — |
| pyyaml | libyaml | <= 0.1.5 | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | — | — |
| pyyaml | libyaml | >= 0 < 0.1.4-3.2 | 0.1.4-3.2 |
| pyyaml | libyaml | >= 0 < 0.1.4-3.2 | 0.1.4-3.2 |
| pyyaml | libyaml | >= 0 < 0.1.4-3.2 | 0.1.4-3.2 |
| pyyaml | libyaml | >= 0 < 0.1.4-3.2 | 0.1.4-3.2 |
Detection & IOCs
- The vulnerability is triggered by a long sequence of percent-encoded characters in a URI within a YAML file, targeting the yaml_parser_scan_uri_escapes function. Detection should focus on YAML files or input streams containing abnormally long sequences of percent-encoded (%XX) characters in URI fields.
- The vulnerable function is yaml_parser_scan_uri_escapes in LibYAML before version 0.1.6. Process-level monitoring or library call tracing targeting this function with oversized URI input can help detect exploitation attempts.
- LibYAML versions before 0.1.6 are vulnerable. Patched version is 0.1.6 or later. On Debian-based systems, the fix is present in package version 0.1.4-3.2 or later.
- Red Hat Enterprise Linux 6 and Red Hat Subscription Asset Manager are confirmed affected. RHEL 7, Red Hat Satellite 5/6, and Red Hat Software Collections are listed as not affected.
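The first detection point above can be turned into a pre-parse triage check. The following is an added example, not code from LibYAML or from any of the advisories on this page: it flags YAML tag tokens and %TAG directives (the places where YAML carries a URI) that contain a long unbroken run of %XX escapes. The threshold MAX_ESCAPES, the function name and the sample document are assumptions made for illustration.

```python
import re

# Assumption: a tunable triage threshold, not a property of the bug itself.
MAX_ESCAPES = 16

# One or more consecutive %XX escapes.
_RUN = re.compile(r"(?:%[0-9A-Fa-f]{2})+")
# A tag token: '!' at the start of a node (after whitespace or a flow
# indicator), up to the next whitespace. Quoted scalars and comments that
# happen to contain " !..." will also match; treat hits as leads to review.
_TAG_TOKEN = re.compile(r"(?<![^\s\[\{,])!\S*")


def find_long_escape_runs(text, max_escapes=MAX_ESCAPES):
    """Return [(line_number, escape_count)] for tag URIs with long %XX runs."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if line.startswith("%TAG"):
            candidates = [line]          # directive: handle + URI prefix
        else:
            candidates = _TAG_TOKEN.findall(line)
        for token in candidates:
            for match in _RUN.finditer(token):
                count = len(match.group()) // 3   # each escape is 3 chars
                if count > max_escapes:
                    findings.append((lineno, count))
    return findings


# Constructed sample input (not taken from any real report).
SAMPLE = "\n".join([
    "%YAML 1.1",
    "%TAG !e! tag:example.com,2014:" + "%41" * 20,
    "---",
    "name: !!str plain%20value",
    "path: !<tag:example.com,2014:a%20b> ok",
    "blob: !e!" + "%42" * 24 + " x",
])

if __name__ == "__main__":
    for lineno, count in find_long_escape_runs(SAMPLE):
        print(f"line {lineno}: {count} consecutive percent-escapes in a tag URI")
```

A hit is a reason to quarantine the document and confirm the consuming host runs LibYAML 0.1.6 or later; it does not replace patching.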
CVSS provenance
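| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 6.8 | MEDIUM | — |
| vendor_debian | — | 6.8 | MEDIUM | — |
| vendor_redhat | — | 6.8 | MEDIUM | — |
| vendor_ubuntu | — | 6.8 | MEDIUM | — |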
Ubuntu
libyaml-libyaml-perl vulnerabilities
vendor_ubuntu·2014-04-03·CVSS 6.8
CVE-2013-6393 [MEDIUM] libyaml-libyaml-perl vulnerabilities
Title: libyaml-libyaml-perl vulnerabilities
Summary: libyaml-libyaml-perl could be made to crash or run programs if it opened a
specially crafted YAML file.
Florian Weimer discovered that libyaml-libyaml-perl incorrectly handled
certain large YAML documents. An attacker could use this issue to cause
libyaml-libyaml-perl to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2013-6393)
Ivan Fratric discovered that libyaml-libyaml-perl incorrectly handled
certain malformed YAML documents. An attacker could use this issue to cause
libyaml-libyaml-perl to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2014-2525)
Instructions: After a standard system update you need to restart applications using
libyaml-libyaml-perl to make al
Ubuntu
LibYAML vulnerability
vendor_ubuntu·2014-04-03
CVE-2014-2525 LibYAML vulnerability
Title: LibYAML vulnerability
Summary: LibYAML could be made to crash or run programs if it opened a specially
crafted YAML document.
Ivan Fratric discovered that LibYAML incorrectly handled certain malformed
YAML documents. An attacker could use this issue to cause LibYAML to crash,
resulting in a denial of service, or possibly execute arbitrary code.
Instructions: After a standard system update you need to restart applications using
LibYAML to make all the necessary changes.
Red Hat
libyaml: heap-based buffer overflow when parsing URLs
vendor_redhat·2014-03-27·CVSS 6.8
CVE-2014-2525 [MEDIUM] CWE-122 libyaml: heap-based buffer overflow when parsing URLs
libyaml: heap-based buffer overflow when parsing URLs
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
A heap-based buffer overflow exists in the libyaml package: a specially crafted YAML document supplied by an attacker, when parsed by the application, might result in remote code execution leading to complete compromise of the system.
Statement: Red Hat Satellite does not ship the libyaml package but instead consumes the package from the RHEL distribution, which is why it has been marked as not affected.
Mitigation: Mitigation for this issue is either not available or the currently available options don
Debian
CVE-2014-2525: libyaml - Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYA...
vendor_debian·2014·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525: libyaml - Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYA...
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Scope: local
bookworm: resolved (fixed in 0.1.4-3.2)
bullseye: resolved (fixed in 0.1.4-3.2)
forky: resolved (fixed in 0.1.4-3.2)
sid: resolved (fixed in 0.1.4-3.2)
trixie: resolved (fixed in 0.1.4-3.2)
GHSA
GHSA-rffm-7xqq-h2v6: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0
ghsa_unreviewed·2022-05-14
CVE-2014-2525 [MEDIUM] CWE-119 GHSA-rffm-7xqq-h2v6: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
OSV
CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0
osv·2014-03-28·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [epel-all]
bugzilla·2014-03-28·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [epel-all]
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When creating a Bodhi update request, please use the bodhi submission link
noted in the next comment(s). This will include the bug IDs of this
tracking bug as well as the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bodhi notes field when available.
Please note: this iss
Bugzilla
CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [epel-6]
bugzilla·2014-03-27·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [epel-6]
CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [epel-6]
Bugzilla
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [fedora-all]
bugzilla·2014-03-27·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [fedora-all]
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [fedora-all]
Bugzilla
CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [fedora-all]
bugzilla·2014-03-27·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [fedora-all]
CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [fedora-all]
Bugzilla
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs
bugzilla·2014-03-19·CVSS 6.8
CVE-2014-2525 [MEDIUM] CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs
A heap-based buffer overflow flaw was found in the way libyaml parsed URLs. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
Acknowledgements:
Red Hat would like to thank oCERT for reporting this issue. oCERT acknowledges Ivan Fratric of the Google Security Team as the original reporter.
Discussion:
Created attachment 876237
patch from upstream
---
libyaml is shipped as part of Red Hat Software Collections 1 via ruby193-libyaml package. This package is used by ruby193-ruby. Impact for this use case is limited, as ruby
Bugzilla
CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node
bugzilla·2014-01-02·CVSS 2.1
CVE-2013-6480 [LOW] CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node
CVE-2013-6480 python-libcloud: doesn't send scrub_data query parameter when destroying a DigitalOcean node
DigitalOcean recently changed the default API behavior from scrub to non-scrub when destroying a VM.
Libcloud doesn't explicitly send "scrub_data" query parameter when destroying a node. This means nodes which are destroyed using Libcloud are vulnerable to later customers stealing data contained on them. Only users who are using DigitalOcean driver are known to be affected by this issue.
The issue is said to be fixed in the version 0.13.3.
References:
http://seclists.org/fulldisclosure/2014/Jan/11
http://libcloud.apache.org/security.html
https://digitalocean.com/blog_posts/transparency-regarding-data-security
https://github.com/fog/fog/issues/2525
Commit:
https://github.com/apach