CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-02-06 22:55

Updated : 2024-02-04 18:35


NVD link : CVE-2013-6393

Mitre link : CVE-2013-6393

CVE.ORG link : CVE-2013-6393


JSON object : View

Products Affected

debian

  • debian_linux

opensuse

  • opensuse
  • leap

canonical

  • ubuntu_linux

pyyaml

  • libyaml

redhat

  • openstack
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer