CVE-2014-9130

medium

Description

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

References

https://puppet.com/security/cve/cve-2014-9130

https://exchange.xforce.ibmcloud.com/vulnerabilities/99047

http://www.ubuntu.com/usn/USN-2461-3

http://www.ubuntu.com/usn/USN-2461-2

http://www.ubuntu.com/usn/USN-2461-1

http://www.securityfocus.com/bid/71349

http://www.openwall.com/lists/oss-security/2014/11/29/3

http://www.openwall.com/lists/oss-security/2014/11/28/8

http://www.mandriva.com/security/advisories?name=MDVSA-2015:060

http://www.mandriva.com/security/advisories?name=MDVSA-2014:242

http://www.debian.org/security/2014/dsa-3115

http://www.debian.org/security/2014/dsa-3103

http://www.debian.org/security/2014/dsa-3102

http://secunia.com/advisories/62774

http://secunia.com/advisories/62723

http://secunia.com/advisories/62705

http://secunia.com/advisories/62176

http://secunia.com/advisories/62174

http://secunia.com/advisories/62164

http://secunia.com/advisories/60944

http://secunia.com/advisories/59947

http://rhn.redhat.com/errata/RHSA-2015-0260.html

http://rhn.redhat.com/errata/RHSA-2015-0112.html

http://rhn.redhat.com/errata/RHSA-2015-0100.html

http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html

http://linux.oracle.com/errata/ELSA-2015-0100.html

http://advisories.mageia.org/MGASA-2014-0508.html

Details

Source: Mitre, NVD

Published: 2014-12-08

Updated: 2017-12-09

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Severity: Medium