CVE-2014-2525

EPSS 61.9%

libyaml - security update

發布日:2014/3/28修改日:2026/4/28

描述

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

受影響套件(4)

Debian/libyamlfrom 0, < 0.1.4-3.2
Debian/libyamlfrom 0, < 0.1.3-1+deb6u4
Debian/libyaml-libyaml-perlfrom 0, < 0.41-5
Debian/libyaml-libyaml-perlfrom 0, < 0.33-1+squeeze3

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-2525