Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Published

2014-12-08T16:59:04.450

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-20

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	pyyaml	libyaml	0.1.5	Yes
Application	pyyaml	libyaml	0.1.6	Yes

References

http://advisories.mageia.org/MGASA-2014-0508.html ([email protected])
http://linux.oracle.com/errata/ELSA-2015-0100.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html ([email protected])
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0100.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0112.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-0260.html ([email protected])
http://secunia.com/advisories/59947 ([email protected])
http://secunia.com/advisories/60944 ([email protected])
http://secunia.com/advisories/62164 ([email protected])
http://secunia.com/advisories/62174 ([email protected])
http://secunia.com/advisories/62176 ([email protected])
http://secunia.com/advisories/62705 ([email protected])
http://secunia.com/advisories/62723 ([email protected])
http://secunia.com/advisories/62774 ([email protected])
http://www.debian.org/security/2014/dsa-3102 ([email protected])
http://www.debian.org/security/2014/dsa-3103 ([email protected])
http://www.debian.org/security/2014/dsa-3115 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242 ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 ([email protected])
http://www.openwall.com/lists/oss-security/2014/11/28/1 Exploit ([email protected])
http://www.openwall.com/lists/oss-security/2014/11/28/8 ([email protected])
http://www.openwall.com/lists/oss-security/2014/11/29/3 ([email protected])
http://www.securityfocus.com/bid/71349 ([email protected])
http://www.ubuntu.com/usn/USN-2461-1 ([email protected])
http://www.ubuntu.com/usn/USN-2461-2 ([email protected])
http://www.ubuntu.com/usn/USN-2461-3 ([email protected])
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 Exploit ([email protected])
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047 ([email protected])
https://puppet.com/security/cve/cve-2014-9130 ([email protected])
http://advisories.mageia.org/MGASA-2014-0508.html (af854a3a-2127-422b-91ae-364da2661108)
http://linux.oracle.com/errata/ELSA-2015-0100.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0100.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0112.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-0260.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/59947 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/60944 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62164 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62174 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62176 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62705 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62723 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/62774 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-3102 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-3103 (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2014/dsa-3115 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/11/28/1 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/11/28/8 (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2014/11/29/3 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/71349 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2461-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2461-2 (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/USN-2461-3 (af854a3a-2127-422b-91ae-364da2661108)
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047 (af854a3a-2127-422b-91ae-364da2661108)
https://puppet.com/security/cve/cve-2014-9130 (af854a3a-2127-422b-91ae-364da2661108)