CVE-2014-9130
published 2014-12-08


Priority: P4 · 26 · medium
CVSS 2.0: 5 (AV:N/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 13.20% (95.9th percentile)

Description: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Affected

13 ranges

Vendor  | Product              | Version range                     | Fixed in
debian  | libyaml              | < libyaml 0.1.6-3 (bookworm)      | libyaml 0.1.6-3 (bookworm)
debian  | libyaml-libyaml-perl | < libyaml 0.1.6-3 (bookworm)      | libyaml 0.1.6-3 (bookworm)
debian  | pyyaml               | < libyaml 0.1.6-3 (bookworm)      | libyaml 0.1.6-3 (bookworm)
pyyaml  | libyaml              | (not specified)                   | (not specified)
pyyaml  | libyaml              | (not specified)                   | (not specified)
pyyaml  | libyaml              | >= 0 < 0.1.6-3                    | 0.1.6-3
pyyaml  | libyaml              | >= 0 < 0.1.6-3                    | 0.1.6-3
pyyaml  | libyaml              | >= 0 < 0.1.6-3                    | 0.1.6-3
pyyaml  | libyaml              | >= 0 < 0.1.6-3                    | 0.1.6-3
pyyaml  | pyyaml               | >= 0 < 3.11-2                     | 3.11-2
pyyaml  | pyyaml               | >= 0 < 3.11-2                     | 3.11-2
pyyaml  | pyyaml               | >= 0 < 3.11-2                     | 3.11-2
pyyaml  | pyyaml               | >= 0 < 3.11-2                     | 3.11-2

Detection & IOCs (extracted from sources)

  • The trigger is an assertion failure in scanner.c while parsing YAML input that contains wrapped (line-wrapped) strings; look for abnormal process termination (SIGABRT / assert) in applications that consume YAML through LibYAML, YAML-LibYAML (Perl), or PyYAML.
  • The vulnerable code lives in scanner.c of LibYAML 0.1.5 and 0.1.6; detection should focus on processes that load YAML from untrusted sources while linked against these library versions.
  • The same assertion-failure bug exists in PyYAML (the pure-Python implementation); monitor Python applications that parse untrusted YAML for unexpected crashes or assertion failures.
  • Debian fixed the issue in libyaml package version 0.1.6-3; systems running earlier package versions across bookworm, bullseye, trixie, forky, and sid remain vulnerable.
  • Red Hat deferred or will not fix the issue in several products (MRG 1, MRG 2, Satellite 5, Satellite 6, Subscription Asset Manager); mingw-libyaml in CloudForms Management Engine 5 is not affected.

CVSS provenance

Source        | Version | Score | Severity | Vector
nvd           | v2.0    | 5.0   | MEDIUM   | AV:N/AC:L/Au:N/C:N/I:N/A:P
osv           |         | 5.0   | MEDIUM   |
vendor_debian |         | 5.0   | MEDIUM   |
vendor_redhat |         | 5.0   | MEDIUM   |