CVE-2014-9130 — Improper Input Validation in Libyaml

CWE-20 — Improper Input Validation CWE-617 — Reachable Assertion17 documents9 sources

Severity

5.0MEDIUMNVD

EPSS

54.8%

top 1.95%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Pyyaml Libyaml Pyyaml

Timeline

PublishedDec 8

Latest updateMay 17

Description

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶Debianpyyaml/libyaml< 0.1.6-3+3

▶NVDpyyaml/libyaml0.1.5, 0.1.6+1

▶Debianpyyaml/pyyaml< 3.11-2+3

🔴Vulnerability Details

GHSA

GHSA-wrq2-fvvw-grpm: scanner↗2022-05-17

▶

CVEList

CVE-2014-9130: scanner↗2014-12-08

▶

OSV

CVE-2014-9130: scanner↗2014-12-08

▶

📋Vendor Advisories

Ubuntu

PyYAML vulnerability↗2015-01-12

▶

Ubuntu

libyaml-libyaml-perl vulnerability↗2015-01-12

▶

Ubuntu

LibYAML vulnerability↗2015-01-12

▶

Red Hat

libyaml: assert failure when processing wrapped strings↗2014-11-26

▶

Debian

CVE-2014-9130: libyaml - scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) ...↗2014

▶

💬Community

HackerOne

Ruby 2.3.x and 2.2.x still bundle DoS vulnerable verision of libYAML↗2017-10-25

▶

Bugzilla

PyYAML: assert failure when processing wrapped strings↗2015-03-23

▶

Bugzilla

CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [epel-6]↗2014-12-02

▶

Bugzilla

CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [epel-7]↗2014-12-02

▶

Bugzilla

CVE-2014-9130 perl-YAML-LibYAML: libyaml: assert failure when processing wrapped strings [fedora-all]↗2014-12-02

▶