CVE-2013-6393

Source
https://nvd.nist.gov/vuln/detail/CVE-2013-6393
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-6393.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2013-6393
Aliases
Related
Published
2014-02-06T22:55:03Z
Modified
2024-09-11T02:00:05Z
Summary
[none]
Details

The yamlparserscantaguri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

References

Affected packages

Debian:11 / libyaml

Package

Name
libyaml
Purl
pkg:deb/debian/libyaml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libyaml

Package

Name
libyaml
Purl
pkg:deb/debian/libyaml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libyaml

Package

Name
libyaml
Purl
pkg:deb/debian/libyaml?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.1.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / libyaml-libyaml-perl

Package

Name
libyaml-libyaml-perl
Purl
pkg:deb/debian/libyaml-libyaml-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.41-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / libyaml-libyaml-perl

Package

Name
libyaml-libyaml-perl
Purl
pkg:deb/debian/libyaml-libyaml-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.41-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / libyaml-libyaml-perl

Package

Name
libyaml-libyaml-perl
Purl
pkg:deb/debian/libyaml-libyaml-perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.41-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}