CVE-2024-35326

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

28 Aug 2024, 16:15

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 9.8 | v2 : unknown, v3 : unknown
CWE | CWE-787 |
Summary | (es, translated) libyaml v0.2.5 is vulnerable to buffer overflow. The function yaml_emitter_emit in the file /src/libyaml/src/emitter.c is affected by this vulnerability. The manipulation leads to a double-free. |
Summary | (en) libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. NOTE: this is disputed by the supplier because the discoverer's sample C code is incorrect: it does not call all of the required _initialize functions that are described in the LibYAML documentation. | (en) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CPE | cpe:2.3:a:pyyaml:libyaml:0.2.5:*:*:*:*:*:*:* |
References | https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c (tags: Exploit, Third Party Advisory; source: cve@mitre.org) |
References | https://github.com/idhyt/pocs/tree/main/libyaml (source: cve@mitre.org) |
References | https://github.com/yaml/libyaml/issues/298 (source: cve@mitre.org) |
References | https://github.com/yaml/libyaml/issues/302 (source: cve@mitre.org) |

28 Aug 2024, 15:15

Type | Values Removed | Values Added
Summary | (en) libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. | (en) libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. NOTE: this is disputed by the supplier because the discoverer's sample C code is incorrect: it does not call all of the required _initialize functions that are described in the LibYAML documentation.
References | | https://github.com/idhyt/pocs/tree/main/libyaml
References | | https://github.com/yaml/libyaml/issues/298
References | | https://github.com/yaml/libyaml/issues/302

06 Aug 2024, 17:11

Type | Values Removed | Values Added
CPE | | cpe:2.3:a:pyyaml:libyaml:0.2.5:*:*:*:*:*:*:*
Summary | | (es, translated) libyaml v0.2.5 is vulnerable to buffer overflow. The function yaml_emitter_emit in the file /src/libyaml/src/emitter.c is affected by this vulnerability. The manipulation leads to a double-free.
CWE | | CWE-787
CVSS | v2 : unknown, v3 : unknown | v2 : unknown, v3 : 9.8
First Time | | Pyyaml; Pyyaml libyaml
References | https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c (no tags) | https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c (tags: Exploit, Third Party Advisory)

13 Jun 2024, 17:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2024-06-13 17:15

Updated : 2024-08-28 16:15


NVD link : CVE-2024-35326

Mitre link : CVE-2024-35326

CVE.ORG link : CVE-2024-35326



Products Affected

No product.

CWE

No CWE.