Launchpad CVE tracker

CVE 2014-2525

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Related bugs and status

CVE-2014-2525 (Candidate) is related to these bugs:

Bug #1305949: Please bump libyaml to 0.1.6 due to CVE-2014-2525

Summary				In	Importance	Status
	1305949	Please bump libyaml to 0.1.6 due to CVE-2014-2525		libyaml (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ocert.org/a...
CONFIRM: https://bitbucket.org/...
DEBIAN: DSA-2884
DEBIAN: DSA-2885
REDHAT: RHSA-2014:0353
REDHAT: RHSA-2014:0354
REDHAT: RHSA-2014:0355
SUSE: openSUSE-SU-2014:0500
UBUNTU: USN-2160-1
CONFIRM: http://www.getchef.com...
CONFIRM: http://www.getchef.com...
CONFIRM: http://www.getchef.com...
SECUNIA: 57836
SECUNIA: 57966
SECUNIA: 57968
CONFIRM: http://support.apple.c...
SUSE: openSUSE-SU-2015:0319
CONFIRM: http://advisories.mage...
MANDRIVA: MDVSA-2015:060
BID: 66478
SUSE: openSUSE-SU-2016:1067
CONFIRM: https://puppet.com/sec...

Launchpad.net

CVE 2014-2525

Related bugs and status

Related bugs

References