ALT-PU-2014-1169-1
Closed vulnerabilities
Published: 2014-02-06
BDU:2015-04120
Уязвимости операционной системы Debian GNU/Linux, позволяющие удаленному злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
Severity: MEDIUM (6.8)
References:
Published: 2014-02-07
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2013-6393
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Severity: MEDIUM (6.8)
References:
- http://advisories.mageia.org/MGASA-2014-0040.html
- http://advisories.mageia.org/MGASA-2014-0040.html
- APPLE-SA-2014-04-22-1
- APPLE-SA-2014-04-22-1
- APPLE-SA-2014-10-16-3
- APPLE-SA-2014-10-16-3
- openSUSE-SU-2014:0272
- openSUSE-SU-2014:0272
- openSUSE-SU-2014:0273
- openSUSE-SU-2014:0273
- openSUSE-SU-2015:0319
- openSUSE-SU-2015:0319
- openSUSE-SU-2016:1067
- openSUSE-SU-2016:1067
- 102716
- 102716
- RHSA-2014:0353
- RHSA-2014:0353
- RHSA-2014:0354
- RHSA-2014:0354
- RHSA-2014:0355
- RHSA-2014:0355
- DSA-2850
- DSA-2850
- DSA-2870
- DSA-2870
- MDVSA-2015:060
- MDVSA-2015:060
- 65258
- 65258
- USN-2098-1
- USN-2098-1
- https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
- https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
- https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff
- https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=1033990
- https://bugzilla.redhat.com/show_bug.cgi?id=1033990
- https://puppet.com/security/cve/cve-2013-6393
- https://puppet.com/security/cve/cve-2013-6393
- https://support.apple.com/kb/HT6536
- https://support.apple.com/kb/HT6536
Closed bugs
CVE-2013-6393 -- libyaml: heap-based buffer overflow when parsing YAML tags