CVE-2014-2525

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.4:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-03-28 15:55

Updated : 2024-02-04 18:35


NVD link : CVE-2014-2525

Mitre link : CVE-2014-2525

CVE.ORG link : CVE-2014-2525


JSON object : View

Products Affected

opensuse

  • opensuse
  • leap

pyyaml

  • libyaml
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer