CVE-2014-2525

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
pyyamllibyaml
𝑥
≤ 0.1.5
pyyamllibyaml
0.0.1
pyyamllibyaml
0.1.1
pyyamllibyaml
0.1.2
pyyamllibyaml
0.1.3
pyyamllibyaml
0.1.4
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libyaml
bookworm
0.2.5-1
fixed
bullseye
0.2.2-1
fixed
sid
0.2.5-1
fixed
trixie
0.2.5-1
fixed
libyaml-libyaml-perl
bookworm
0.86+ds-1
fixed
bullseye
0.82+repack-1
fixed
sid
0.902.0+ds-2
fixed
trixie
0.902.0+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libyaml
lucid
ignored
precise
Fixed 0.1.4-2ubuntu0.12.04.3
released
quantal
Fixed 0.1.4-2ubuntu0.12.10.3
released
saucy
Fixed 0.1.4-2ubuntu0.13.10.3
released
libyaml-libyaml-perl
lucid
ignored
precise
Fixed 0.38-2ubuntu0.1
released
quantal
Fixed 0.38-3ubuntu0.12.10.1
released
saucy
Fixed 0.38-3ubuntu0.13.10.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libyaml-0-2
suse enterprise desktop 15
0.1.7-1.17
fixed
suse enterprise desktop 15 SP1
0.1.7-1.17
fixed
suse enterprise desktop 15 SP2
0.1.7-1.17
fixed
suse enterprise desktop 15 SP3
0.1.7-1.17
fixed
suse enterprise desktop 15 SP4
0.1.7-1.17
fixed
suse enterprise desktop 15 SP5
0.1.7-1.17
fixed
suse enterprise desktop 15 SP6
0.1.7-1.17
fixed
suse enterprise desktop 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise sap 12 SP5
0.1.6-7.1
fixed
suse enterprise sap 15
0.1.7-1.17
fixed
suse enterprise sap 15 SP1
0.1.7-1.17
fixed
suse enterprise sap 15 SP2
0.1.7-1.17
fixed
suse enterprise sap 15 SP3
0.1.7-1.17
fixed
suse enterprise sap 15 SP4
0.1.7-1.17
fixed
suse enterprise sap 15 SP5
0.1.7-1.17
fixed
suse enterprise sap 15 SP6
0.1.7-1.17
fixed
suse enterprise sap 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise server 12 SP1
0.1.6-7.1
fixed
suse enterprise server 12 SP2
0.1.6-7.1
fixed
suse enterprise server 12 SP3
0.1.6-7.1
fixed
suse enterprise server 12 SP4
0.1.6-7.1
fixed
suse enterprise server 12 SP5
0.1.6-7.1
fixed
suse enterprise server 15
0.1.7-1.17
fixed
suse enterprise server 15 SP1
0.1.7-1.17
fixed
suse enterprise server 15 SP2
0.1.7-1.17
fixed
suse enterprise server 15 SP3
0.1.7-1.17
fixed
suse enterprise server 15 SP4
0.1.7-1.17
fixed
suse enterprise server 15 SP5
0.1.7-1.17
fixed
suse enterprise server 15 SP6
0.1.7-1.17
fixed
suse enterprise server 15 SP7
0.1.7-150000.3.2.1
fixed
libyaml-devel
suse enterprise desktop 15
0.1.7-1.17
fixed
suse enterprise desktop 15 SP1
0.1.7-1.17
fixed
suse enterprise desktop 15 SP2
0.1.7-1.17
fixed
suse enterprise desktop 15 SP3
0.1.7-1.17
fixed
suse enterprise desktop 15 SP4
0.1.7-1.17
fixed
suse enterprise desktop 15 SP5
0.1.7-1.17
fixed
suse enterprise desktop 15 SP6
0.1.7-1.17
fixed
suse enterprise desktop 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise sap 15
0.1.7-1.17
fixed
suse enterprise sap 15 SP1
0.1.7-1.17
fixed
suse enterprise sap 15 SP2
0.1.7-1.17
fixed
suse enterprise sap 15 SP3
0.1.7-1.17
fixed
suse enterprise sap 15 SP4
0.1.7-1.17
fixed
suse enterprise sap 15 SP5
0.1.7-1.17
fixed
suse enterprise sap 15 SP6
0.1.7-1.17
fixed
suse enterprise sap 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise server 15
0.1.7-1.17
fixed
suse enterprise server 15 SP1
0.1.7-1.17
fixed
suse enterprise server 15 SP2
0.1.7-1.17
fixed
suse enterprise server 15 SP3
0.1.7-1.17
fixed
suse enterprise server 15 SP4
0.1.7-1.17
fixed
suse enterprise server 15 SP5
0.1.7-1.17
fixed
suse enterprise server 15 SP6
0.1.7-1.17
fixed
suse enterprise server 15 SP7
0.1.7-150000.3.2.1
fixed
perl-YAML-LibYAML
suse enterprise sap 12 SP5
0.38-10.1
fixed
suse enterprise server 12 SP1
0.38-10.1
fixed
suse enterprise server 12 SP2
0.38-10.1
fixed
suse enterprise server 12 SP3
0.38-10.1
fixed
suse enterprise server 12 SP4
0.38-10.1
fixed
suse enterprise server 12 SP5
0.38-10.1
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0150.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2014-0353.html
http://rhn.redhat.com/errata/RHSA-2014-0354.html
http://rhn.redhat.com/errata/RHSA-2014-0355.html
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2884
http://www.debian.org/security/2014/dsa-2885
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.ocert.org/advisories/ocert-2014-003.html
http://www.securityfocus.com/bid/66478
http://www.ubuntu.com/usn/USN-2160-1
https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
https://puppet.com/security/cve/cve-2014-2525
http://advisories.mageia.org/MGASA-2014-0150.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2014-0353.html
http://rhn.redhat.com/errata/RHSA-2014-0354.html
http://rhn.redhat.com/errata/RHSA-2014-0355.html
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2884
http://www.debian.org/security/2014/dsa-2885
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.ocert.org/advisories/ocert-2014-003.html
http://www.securityfocus.com/bid/66478
http://www.ubuntu.com/usn/USN-2160-1
https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
https://puppet.com/security/cve/cve-2014-2525