CVE-2013-6393 - Vulnerability Details

Vendors	Products
Canonical	Ubuntu Linux
Debian	Debian Linux
Opensuse	Leap Opensuse
Pyyaml	Libyaml
Redhat	Openstack Rhel Common Rhel Software Collections

Package	CPE	Advisory	Released Date
OpenStack 3 for RHEL 6
libyaml-0:0.1.3-1.4.el6	cpe:/a:redhat:openstack:3::el6	RHSA-2014:0353	2014-04-02T00:00:00Z
ruby193-libyaml-0:0.1.4-5.1.el6	cpe:/a:redhat:openstack:3::el6	RHSA-2014:0364	2014-04-03T00:00:00Z
OpenStack 4 for RHEL 6
libyaml-0:0.1.3-1.4.el6	cpe:/a:redhat:openstack:4::el6	RHSA-2014:0354	2014-04-02T00:00:00Z
Red Hat Common for RHEL 6
libyaml-0:0.1.3-1.4.el6	cpe:/a:redhat:rhel_common:6::el6	RHSA-2014:0415	2014-04-17T00:00:00Z
Red Hat Software Collections for RHEL-6
ruby193-libyaml-0:0.1.4-5.1.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0355	2014-04-02T00:00:00Z

Link	Providers
http://advisories.mageia.org/MGASA-2014-0040.html
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html
http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://osvdb.org/102716
http://rhn.redhat.com/errata/RHSA-2014-0353.html
http://rhn.redhat.com/errata/RHSA-2014-0354.html
http://rhn.redhat.com/errata/RHSA-2014-0355.html
http://www.debian.org/security/2014/dsa-2850
http://www.debian.org/security/2014/dsa-2870
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.securityfocus.com/bid/65258
http://www.ubuntu.com/usn/USN-2098-1
https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff
https://bugzilla.redhat.com/show_bug.cgi?id=1033990
https://nvd.nist.gov/vuln/detail/CVE-2013-6393
https://puppet.com/security/cve/cve-2013-6393
https://support.apple.com/kb/HT6536
https://www.cve.org/CVERecord?id=CVE-2013-6393

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-24T00:00:00", "descriptions": [{"lang": "en", "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2014:0273", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"name": "DSA-2870", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"name": "APPLE-SA-2014-10-16-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"name": "APPLE-SA-2014-04-22-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"name": "102716", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102716"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"name": "MDVSA-2015:060", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "65258", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65258"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"name": "openSUSE-SU-2015:0319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "openSUSE-SU-2014:0272", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"name": "RHSA-2014:0354", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT6536"}, {"name": "openSUSE-SU-2016:1067", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "DSA-2850", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"name": "RHSA-2014:0353", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"name": "USN-2098-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:0273", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"name": "DSA-2870", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2870"}, {"name": "APPLE-SA-2014-10-16-3", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"name": "APPLE-SA-2014-04-22-1", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"name": "102716", "refsource": "OSVDB", "url": "http://osvdb.org/102716"}, {"name": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", "refsource": "MISC", "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"name": "MDVSA-2015:060", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "65258", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65258"}, {"name": "http://advisories.mageia.org/MGASA-2014-0040.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"name": "openSUSE-SU-2015:0319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "openSUSE-SU-2014:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"name": "RHSA-2014:0354", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"name": "https://support.apple.com/kb/HT6536", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT6536"}, {"name": "openSUSE-SU-2016:1067", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "DSA-2850", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2850"}, {"name": "RHSA-2014:0353", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"name": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", "refsource": "CONFIRM", "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"name": "https://puppet.com/security/cve/cve-2013-6393", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"name": "USN-2098-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2098-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.258Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:0273", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"name": "DSA-2870", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"name": "APPLE-SA-2014-10-16-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"name": "APPLE-SA-2014-04-22-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"name": "102716", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/102716"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"name": "MDVSA-2015:060", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "65258", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65258"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"name": "openSUSE-SU-2015:0319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "openSUSE-SU-2014:0272", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"name": "RHSA-2014:0354", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT6536"}, {"name": "openSUSE-SU-2016:1067", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "DSA-2850", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"name": "RHSA-2014:0353", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"name": "USN-2098-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6393", "datePublished": "2014-02-06T22:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.258Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2013-11-24T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-12-08T10:57:01 (string)

orgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

shortName : redhat (string)

}

references : [ »

0 : { »

name : openSUSE-SU-2014:0273 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html (string)

}

1 : { »

name : DSA-2870 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-2870 (string)

}

2 : { »

name : APPLE-SA-2014-10-16-3 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

}

4 : { »

name : APPLE-SA-2014-04-22-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html (string)

}

5 : { »

name : 102716 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

]

url : http://osvdb.org/102716 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff (string)

}

7 : { »

name : MDVSA-2015:060 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

8 : { »

name : 65258 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/65258 (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://advisories.mageia.org/MGASA-2014-0040.html (string)

}

10 : { »

name : openSUSE-SU-2015:0319 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

11 : { »

name : RHSA-2014:0355 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

12 : { »

name : openSUSE-SU-2014:0272 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html (string)

}

13 : { »

name : RHSA-2014:0354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://support.apple.com/kb/HT6536 (string)

}

15 : { »

name : openSUSE-SU-2016:1067 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

16 : { »

name : DSA-2850 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-2850 (string)

}

17 : { »

name : RHSA-2014:0353 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

18 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://puppet.com/security/cve/cve-2013-6393 (string)

}

20 : { »

name : USN-2098-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2098-1 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : secalert@redhat.com (string)

ID : CVE-2013-6393 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : openSUSE-SU-2014:0273 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html (string)

}

1 : { »

name : DSA-2870 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-2870 (string)

}

2 : { »

name : APPLE-SA-2014-10-16-3 (string)

refsource : APPLE (string)

url : http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html (string)

}

3 : { »

name : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

refsource : CONFIRM (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

}

4 : { »

name : APPLE-SA-2014-04-22-1 (string)

refsource : APPLE (string)

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html (string)

}

5 : { »

name : 102716 (string)

refsource : OSVDB (string)

url : http://osvdb.org/102716 (string)

}

6 : { »

name : https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff (string)

refsource : MISC (string)

url : https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff (string)

}

7 : { »

name : MDVSA-2015:060 (string)

refsource : MANDRIVA (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

8 : { »

name : 65258 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/65258 (string)

}

9 : { »

name : http://advisories.mageia.org/MGASA-2014-0040.html (string)

refsource : CONFIRM (string)

url : http://advisories.mageia.org/MGASA-2014-0040.html (string)

}

10 : { »

name : openSUSE-SU-2015:0319 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

11 : { »

name : RHSA-2014:0355 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

12 : { »

name : openSUSE-SU-2014:0272 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html (string)

}

13 : { »

name : RHSA-2014:0354 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

14 : { »

name : https://support.apple.com/kb/HT6536 (string)

refsource : CONFIRM (string)

url : https://support.apple.com/kb/HT6536 (string)

}

15 : { »

name : openSUSE-SU-2016:1067 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

16 : { »

name : DSA-2850 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-2850 (string)

}

17 : { »

name : RHSA-2014:0353 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

18 : { »

name : https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 (string)

refsource : CONFIRM (string)

url : https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 (string)

}

19 : { »

name : https://puppet.com/security/cve/cve-2013-6393 (string)

refsource : CONFIRM (string)

url : https://puppet.com/security/cve/cve-2013-6393 (string)

}

20 : { »

name : USN-2098-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2098-1 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T17:39:01.258Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : openSUSE-SU-2014:0273 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html (string)

}

1 : { »

name : DSA-2870 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-2870 (string)

}

2 : { »

name : APPLE-SA-2014-10-16-3 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html (string)

}

3 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

}

4 : { »

name : APPLE-SA-2014-04-22-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_APPLE (string)

2 : x_transferred (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html (string)

}

5 : { »

name : 102716 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_OSVDB (string)

2 : x_transferred (string)

]

url : http://osvdb.org/102716 (string)

}

6 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff (string)

}

7 : { »

name : MDVSA-2015:060 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

8 : { »

name : 65258 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/65258 (string)

}

9 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://advisories.mageia.org/MGASA-2014-0040.html (string)

}

10 : { »

name : openSUSE-SU-2015:0319 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

11 : { »

name : RHSA-2014:0355 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

12 : { »

name : openSUSE-SU-2014:0272 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html (string)

}

13 : { »

name : RHSA-2014:0354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

14 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://support.apple.com/kb/HT6536 (string)

}

15 : { »

name : openSUSE-SU-2016:1067 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

16 : { »

name : DSA-2850 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-2850 (string)

}

17 : { »

name : RHSA-2014:0353 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

18 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://puppet.com/security/cve/cve-2013-6393 (string)

}

20 : { »

name : USN-2098-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2098-1 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 53f830b8-0a3f-465b-8143-3b8a9948e749 (string)

assignerShortName : redhat (string)

cveId : CVE-2013-6393 (string)

datePublished : 2014-02-06T22:00:00 (string)

dateReserved : 2013-11-04T00:00:00 (string)

dateUpdated : 2024-08-06T17:39:01.258Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*", "matchCriteriaId": "64CF0E49-704A-4190-9BA8-6332F1B12430", "versionEndIncluding": "0.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F454F77-1AB1-44CF-8E1F-47BD71966CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7892D90-243C-4588-92D0-F49B3443B3DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9759A8FD-7010-4D10-9E26-A03FDDDA187B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "La funci\u00f3n yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un \"cast\" incorrecto, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y probablemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de etiquetas manipuladas en YAML."}], "id": "CVE-2013-6393", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-06T22:55:03.217", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/102716"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/65258"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"source": "secalert@redhat.com", "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT6536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/65258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT6536"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 64CF0E49-704A-4190-9BA8-6332F1B12430 (string)

versionEndIncluding : 0.1.4 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F454F77-1AB1-44CF-8E1F-47BD71966CB8 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : A7892D90-243C-4588-92D0-F49B3443B3DB (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 9759A8FD-7010-4D10-9E26-A03FDDDA187B (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:* (string)

matchCriteriaId : B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:* (string)

matchCriteriaId : E2076871-2E80-4605-A470-A41C1A8EC7EE (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F61F047-129C-41A6-8A27-FFCBB8563E91 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

2 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 6533B15B-F748-4A5D-AB86-31D38DFAE60F (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 1802FDB8-C919-4D5E-A8AD-4C5B72525090 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

3 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 036E8A89-7A16-411F-9D31-676313BB7244 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* (string)

matchCriteriaId : 16F59A04-14CF-49E2-9973-645477EA09DA (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

4 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4863BE36-D16A-4D75-90D9-FD76DB5B48B7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:* (string)

matchCriteriaId : DE554781-1EB9-446E-911F-6C11970C47F4 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 03117DF1-3BEC-4B8D-AD63-DBBDB2126081 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. (string)

}

1 : { »

lang : es (string)

value : La función yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un "cast" incorrecto, lo que permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) y probablemente ejecutar código arbitrario a través de etiquetas manipuladas en YAML. (string)

}

]

id : CVE-2013-6393 (string)

lastModified : 2025-04-11T00:51:21.963 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-02-06T22:55:03.217 (string)

references : [ »

0 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://advisories.mageia.org/MGASA-2014-0040.html (string)

}

1 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html (string)

}

2 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Broken Link (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html (string)

}

3 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html (string)

}

4 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html (string)

}

5 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

6 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

7 : { »

source : secalert@redhat.com (string)

url : http://osvdb.org/102716 (string)

}

8 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

9 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

10 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

11 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-2850 (string)

}

12 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-2870 (string)

}

13 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

14 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/65258 (string)

}

15 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2098-1 (string)

}

16 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 (string)

}

17 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff (string)

}

18 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

}

19 : { »

source : secalert@redhat.com (string)

url : https://puppet.com/security/cve/cve-2013-6393 (string)

}

20 : { »

source : secalert@redhat.com (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://support.apple.com/kb/HT6536 (string)

}

21 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://advisories.mageia.org/MGASA-2014-0040.html (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Broken Link (string)

]

url : http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://osvdb.org/102716 (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-2850 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.debian.org/security/2014/dsa-2870 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

1 : VDB Entry (string)

]

url : http://www.securityfocus.com/bid/65258 (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://www.ubuntu.com/usn/USN-2098-1 (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bitbucket.org/xi/libyaml/commits/tag/0.1.5 (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

]

url : https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Issue Tracking (string)

1 : Patch (string)

]

url : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://puppet.com/security/cve/cve-2013-6393 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : https://support.apple.com/kb/HT6536 (string)

}

]

sourceIdentifier : secalert@redhat.com (string)

vulnStatus : Deferred (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).", "affected_release": [{"advisory": "RHSA-2014:0353", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2014-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0364", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "ruby193-libyaml-0:0.1.4-5.1.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2014-04-03T00:00:00Z"}, {"advisory": "RHSA-2014:0354", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2014-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0415", "cpe": "cpe:/a:redhat:rhel_common:6::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "Red Hat Common for RHEL 6", "release_date": "2014-04-17T00:00:00Z"}, {"advisory": "RHSA-2014:0355", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "ruby193-libyaml-0:0.1.4-5.1.el6", "product_name": "Red Hat Software Collections for RHEL-6", "release_date": "2014-04-02T00:00:00Z"}], "bugzilla": {"description": "libyaml: heap-based buffer overflow when parsing YAML tags", "id": "1033990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2013-6393", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "ruby193-libyaml", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-libyaml", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Enterprise MRG 1"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:network_satellite:5.3", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.3"}, {"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.4"}, {"cpe": "cpe:/a:redhat:network_satellite:5.5", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.5"}, {"cpe": "cpe:/a:redhat:network_satellite:5.6", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ruby193-libyaml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Affected", "package_name": "libyaml", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "RHUI for RHEL 6"}], "public_date": "2014-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6393\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6393"], "statement": "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", "threat_severity": "Moderate"}

{

acknowledgement : This issue was discovered by Florian Weimer (Red Hat Product Security Team). (string)

affected_release : [ »

0 : { »

advisory : RHSA-2014:0353 (string)

cpe : cpe:/a:redhat:openstack:3::el6 (string)

package : libyaml-0:0.1.3-1.4.el6 (string)

product_name : OpenStack 3 for RHEL 6 (string)

release_date : 2014-04-02T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:0364 (string)

cpe : cpe:/a:redhat:openstack:3::el6 (string)

package : ruby193-libyaml-0:0.1.4-5.1.el6 (string)

product_name : OpenStack 3 for RHEL 6 (string)

release_date : 2014-04-03T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2014:0354 (string)

cpe : cpe:/a:redhat:openstack:4::el6 (string)

package : libyaml-0:0.1.3-1.4.el6 (string)

product_name : OpenStack 4 for RHEL 6 (string)

release_date : 2014-04-02T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2014:0415 (string)

cpe : cpe:/a:redhat:rhel_common:6::el6 (string)

package : libyaml-0:0.1.3-1.4.el6 (string)

product_name : Red Hat Common for RHEL 6 (string)

release_date : 2014-04-17T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2014:0355 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : ruby193-libyaml-0:0.1.4-5.1.el6 (string)

product_name : Red Hat Software Collections for RHEL-6 (string)

release_date : 2014-04-02T00:00:00Z (string)

}

]

bugzilla : { »

description : libyaml: heap-based buffer overflow when parsing YAML tags (string)

id : 1033990 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1033990 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 4.3 (string)

cvss_scoring_vector : AV:A/AC:H/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-122 (string)

details : [ »

0 : The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. (string)

]

mitigation : { »

lang : en:us (string)

value : Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

name : CVE-2013-6393 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:cloudforms_managementengine:5 (string)

fix_state : Not affected (string)

package_name : ruby193-libyaml (string)

product_name : CloudForms Management Engine 5 (string)

}

1 : { »

cpe : cpe:/a:redhat:openshift:1 (string)

fix_state : Will not fix (string)

package_name : ruby193-libyaml (string)

product_name : OpenShift Enterprise 1 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Affected (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

4 : { »

cpe : cpe:/a:redhat:enterprise_mrg:1 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise MRG 1 (string)

}

5 : { »

cpe : cpe:/a:redhat:enterprise_mrg:2 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise MRG 2 (string)

}

6 : { »

cpe : cpe:/a:redhat:network_satellite:5.3 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.3 (string)

}

7 : { »

cpe : cpe:/a:redhat:network_satellite:5.4 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.4 (string)

}

8 : { »

cpe : cpe:/a:redhat:network_satellite:5.5 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.5 (string)

}

9 : { »

cpe : cpe:/a:redhat:network_satellite:5.6 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.6 (string)

}

10 : { »

cpe : cpe:/a:redhat:satellite:6 (string)

fix_state : Not affected (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 6 (string)

}

11 : { »

cpe : cpe:/a:redhat:satellite:6 (string)

fix_state : Not affected (string)

package_name : ruby193-libyaml (string)

product_name : Red Hat Satellite 6 (string)

}

12 : { »

cpe : cpe:/a:redhat:rhel_software_collections:1 (string)

fix_state : Affected (string)

package_name : libyaml (string)

product_name : Red Hat Software Collections (string)

}

13 : { »

cpe : cpe:/a:rhel_sam:1 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Subscription Asset Manager (string)

}

14 : { »

cpe : cpe:/a:redhat:rhui:2 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : RHUI for RHEL 6 (string)

}

]

public_date : 2014-01-27T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2013-6393 https://nvd.nist.gov/vuln/detail/CVE-2013-6393 (string)

]

statement : The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml The Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. The Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/ (string)

threat_severity : Moderate (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object