CVE-2014-2525Improper Restriction of Operations within the Bounds of a Memory Buffer in Libyaml

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-122Heap-based Buffer Overflow14 documents8 sources
Severity
6.8MEDIUMNVD
EPSS
63.2%
top 1.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Pyyaml LibyamlOpensuse LeapOpensuse
Timeline
PublishedMar 28
Latest updateMay 14

Description

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages4 packages

Debianpyyaml/libyaml< 0.1.4-3.2+3
NVDpyyaml/libyaml0.1.5+5
NVDopensuse/leap42.1
NVDopensuse/opensuse13.1, 13.2+1

Patches

Patch: bitbucket.orgPatch: bitbucket.org

🔴Vulnerability Details

3
GHSA
GHSA-rffm-7xqq-h2v6: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 02022-05-14
CVEList
CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 02014-03-28
OSV
CVE-2014-2525: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 02014-03-28

📋Vendor Advisories

4
Ubuntu
libyaml-libyaml-perl vulnerabilities2014-04-03
Ubuntu
LibYAML vulnerability2014-04-03
Red Hat
libyaml: heap-based buffer overflow when parsing URLs2014-03-27
Debian
CVE-2014-2525: libyaml - Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYA...2014

💬Community

6
Bugzilla
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [epel-all]2014-03-28
Bugzilla
CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [epel-6]2014-03-27
Bugzilla
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs [fedora-all]2014-03-27
Bugzilla
CVE-2014-2525 perl-YAML-LibYAML: libyaml: heap-based buffer overflow when parsing URLs [fedora-all]2014-03-27
Bugzilla
CVE-2014-2525 libyaml: heap-based buffer overflow when parsing URLs2014-03-19
CVE-2014-2525 — Pyyaml Libyaml vulnerability | cvebase