CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Information

Published : 2014-02-06 14:55

Updated : 2018-10-30 09:27


NVD link : CVE-2013-6393

Mitre link : CVE-2013-6393


JSON object : View

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

Advertisement

dedicated server usa

Products Affected

redhat

  • openstack

pyyaml

  • libyaml

canonical

  • ubuntu_linux

opensuse

  • leap
  • opensuse

debian

  • debian_linux