CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags
Bug #1276156 reported by John Leach
This bug affects 6 people
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libyaml (Debian) | Fix Released | Unknown | |
libyaml (Ubuntu) | Fix Released | Medium | Unassigned |
Lucid | Won't Fix | Medium | Unassigned |
Precise | Fix Released | Medium | Unassigned |

Bug Description
https:/
"A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application."
Fixed in Debian package 0.1.4-2+deb7u2
http://
That fix has been merged into Trusty already (0.1.4-3ubuntu1) but no others.
CVE References
information type: Private Security → Public Security
Changed in libyaml (Debian):
status: Unknown → Fix Released
Changed in libyaml (Ubuntu Precise):
status: New → Confirmed
Changed in libyaml (Ubuntu Lucid):
status: New → Confirmed
Changed in libyaml (Ubuntu Trusty):
status: New → Fix Released
Changed in libyaml (Ubuntu Utopic):
status: Confirmed → Fix Released
no longer affects: libyaml (Ubuntu Trusty)
no longer affects: libyaml (Ubuntu Utopic)
Changed in libyaml (Ubuntu):
importance: Undecided → Medium
Changed in libyaml (Ubuntu Lucid):
importance: Undecided → Medium
Changed in libyaml (Ubuntu Precise):
importance: Undecided → Medium
Status changed to 'Confirmed' because the bug affects multiple users.