CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 98%
Affected Products (NVD)
VendorProductVersion
pyyamllibyaml
0.1.5
pyyamllibyaml
0.1.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libyaml
bookworm
0.2.5-1
fixed
bullseye
0.2.2-1
fixed
sid
0.2.5-1
fixed
trixie
0.2.5-1
fixed
libyaml-libyaml-perl
bookworm
0.86+ds-1
fixed
bullseye
0.82+repack-1
fixed
sid
0.902.0+ds-2
fixed
trixie
0.902.0+ds-2
fixed
pyyaml
bookworm
6.0-3
fixed
bullseye
5.3.1-5
fixed
sid
6.0.2-1
fixed
trixie
6.0.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
libyaml
lucid
ignored
precise
Fixed 0.1.4-2ubuntu0.12.04.4
released
trusty
Fixed 0.1.4-3ubuntu3.1
released
utopic
Fixed 0.1.6-1ubuntu0.1
released
libyaml-libyaml-perl
lucid
ignored
precise
Fixed 0.38-2ubuntu0.2
released
trusty
Fixed 0.41-5ubuntu0.14.04.1
released
utopic
Fixed 0.41-5ubuntu0.14.10.1
released
pyyaml
lucid
ignored
precise
Fixed 3.10-2ubuntu0.1
released
trusty
Fixed 3.10-4ubuntu0.1
released
utopic
Fixed 3.11-1ubuntu0.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libyaml-0-2
suse enterprise desktop 15
0.1.7-1.17
fixed
suse enterprise desktop 15 SP1
0.1.7-1.17
fixed
suse enterprise desktop 15 SP2
0.1.7-1.17
fixed
suse enterprise desktop 15 SP3
0.1.7-1.17
fixed
suse enterprise desktop 15 SP4
0.1.7-1.17
fixed
suse enterprise desktop 15 SP5
0.1.7-1.17
fixed
suse enterprise desktop 15 SP6
0.1.7-1.17
fixed
suse enterprise desktop 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise sap 12
0.1.6-4.1
fixed
suse enterprise sap 12 SP5
0.1.6-7.1
fixed
suse enterprise sap 15
0.1.7-1.17
fixed
suse enterprise sap 15 SP1
0.1.7-1.17
fixed
suse enterprise sap 15 SP2
0.1.7-1.17
fixed
suse enterprise sap 15 SP3
0.1.7-1.17
fixed
suse enterprise sap 15 SP4
0.1.7-1.17
fixed
suse enterprise sap 15 SP5
0.1.7-1.17
fixed
suse enterprise sap 15 SP6
0.1.7-1.17
fixed
suse enterprise sap 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise server 12
0.1.6-4.1
fixed
suse enterprise server 12 SP1
0.1.6-7.1
fixed
suse enterprise server 12 SP2
0.1.6-7.1
fixed
suse enterprise server 12 SP4
0.1.6-7.1
fixed
suse enterprise server 12 SP5
0.1.6-7.1
fixed
suse enterprise server 15
0.1.7-1.17
fixed
suse enterprise server 15 SP1
0.1.7-1.17
fixed
suse enterprise server 15 SP2
0.1.7-1.17
fixed
suse enterprise server 15 SP3
0.1.7-1.17
fixed
suse enterprise server 15 SP4
0.1.7-1.17
fixed
suse enterprise server 15 SP5
0.1.7-1.17
fixed
suse enterprise server 15 SP6
0.1.7-1.17
fixed
suse enterprise server 15 SP7
0.1.7-150000.3.2.1
fixed
libyaml-devel
suse enterprise desktop 15
0.1.7-1.17
fixed
suse enterprise desktop 15 SP1
0.1.7-1.17
fixed
suse enterprise desktop 15 SP2
0.1.7-1.17
fixed
suse enterprise desktop 15 SP3
0.1.7-1.17
fixed
suse enterprise desktop 15 SP4
0.1.7-1.17
fixed
suse enterprise desktop 15 SP5
0.1.7-1.17
fixed
suse enterprise desktop 15 SP6
0.1.7-1.17
fixed
suse enterprise desktop 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise sap 15
0.1.7-1.17
fixed
suse enterprise sap 15 SP1
0.1.7-1.17
fixed
suse enterprise sap 15 SP2
0.1.7-1.17
fixed
suse enterprise sap 15 SP3
0.1.7-1.17
fixed
suse enterprise sap 15 SP4
0.1.7-1.17
fixed
suse enterprise sap 15 SP5
0.1.7-1.17
fixed
suse enterprise sap 15 SP6
0.1.7-1.17
fixed
suse enterprise sap 15 SP7
0.1.7-150000.3.2.1
fixed
suse enterprise server 15
0.1.7-1.17
fixed
suse enterprise server 15 SP1
0.1.7-1.17
fixed
suse enterprise server 15 SP2
0.1.7-1.17
fixed
suse enterprise server 15 SP3
0.1.7-1.17
fixed
suse enterprise server 15 SP4
0.1.7-1.17
fixed
suse enterprise server 15 SP5
0.1.7-1.17
fixed
suse enterprise server 15 SP6
0.1.7-1.17
fixed
suse enterprise server 15 SP7
0.1.7-150000.3.2.1
fixed
perl-YAML-LibYAML
suse enterprise sap 12
0.38-10.1
fixed
suse enterprise sap 12 SP5
0.38-10.1
fixed
suse enterprise server 12
0.38-10.1
fixed
suse enterprise server 12 SP1
0.38-10.1
fixed
suse enterprise server 12 SP2
0.38-10.1
fixed
suse enterprise server 12 SP4
0.38-10.1
fixed
suse enterprise server 12 SP5
0.38-10.1
fixed
python-PyYAML
suse enterprise sap 12 SP5
3.12-26.6.1
fixed
suse enterprise server 12 SP4
3.12-26.6.1
fixed
suse enterprise server 12 SP5
3.12-26.6.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libyaml
RHEL 6
0:0.1.3-4.el6_6
fixed
RHEL 7
0:0.1.4-11.el7_0
fixed
libyaml-devel
RHEL 6
0:0.1.3-4.el6_6
fixed
RHEL 7
0:0.1.4-11.el7_0
fixed
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0508.html
http://linux.oracle.com/errata/ELSA-2015-0100.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2015-0100.html
http://rhn.redhat.com/errata/RHSA-2015-0112.html
http://rhn.redhat.com/errata/RHSA-2015-0260.html
http://secunia.com/advisories/59947
http://secunia.com/advisories/60944
http://secunia.com/advisories/62164
http://secunia.com/advisories/62174
http://secunia.com/advisories/62176
http://secunia.com/advisories/62705
http://secunia.com/advisories/62723
http://secunia.com/advisories/62774
http://www.debian.org/security/2014/dsa-3102
http://www.debian.org/security/2014/dsa-3103
http://www.debian.org/security/2014/dsa-3115
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.openwall.com/lists/oss-security/2014/11/28/1
http://www.openwall.com/lists/oss-security/2014/11/28/8
http://www.openwall.com/lists/oss-security/2014/11/29/3
http://www.securityfocus.com/bid/71349
http://www.ubuntu.com/usn/USN-2461-1
http://www.ubuntu.com/usn/USN-2461-2
http://www.ubuntu.com/usn/USN-2461-3
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
https://puppet.com/security/cve/cve-2014-9130
http://advisories.mageia.org/MGASA-2014-0508.html
http://linux.oracle.com/errata/ELSA-2015-0100.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2015-0100.html
http://rhn.redhat.com/errata/RHSA-2015-0112.html
http://rhn.redhat.com/errata/RHSA-2015-0260.html
http://secunia.com/advisories/59947
http://secunia.com/advisories/60944
http://secunia.com/advisories/62164
http://secunia.com/advisories/62174
http://secunia.com/advisories/62176
http://secunia.com/advisories/62705
http://secunia.com/advisories/62723
http://secunia.com/advisories/62774
http://www.debian.org/security/2014/dsa-3102
http://www.debian.org/security/2014/dsa-3103
http://www.debian.org/security/2014/dsa-3115
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.openwall.com/lists/oss-security/2014/11/28/1
http://www.openwall.com/lists/oss-security/2014/11/28/8
http://www.openwall.com/lists/oss-security/2014/11/29/3
http://www.securityfocus.com/bid/71349
http://www.ubuntu.com/usn/USN-2461-1
http://www.ubuntu.com/usn/USN-2461-2
http://www.ubuntu.com/usn/USN-2461-3
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
https://puppet.com/security/cve/cve-2014-9130