Search CVE reports
1 – 10 of 11 results
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial...
1 affected package
libyaml-syck-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent...
1 affected package
libyaml-syck-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml-syck-perl | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 6
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
1 affected package
libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml-libyaml-perl | Fixed | Fixed | Needs evaluation | Needs evaluation |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 9 of 12
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
3 affected packages
libyaml, pyyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | — | — | — | — |
| pyyaml | — | — | — | — |
| libyaml-libyaml-perl | — | — | — | — |
Some fixes available 6 of 8
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
2 affected packages
libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | — | — | — | — |
| libyaml-libyaml-perl | — | — | — | — |
Some fixes available 6 of 9
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted...
2 affected packages
libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | — | — | — | — |
| libyaml-libyaml-perl | — | — | — | — |