CVE-2014-2525 - Vulnerability Details

Vendors	Products
Opensuse	Leap Opensuse
Pyyaml	Libyaml
Redhat	Openstack Rhel Common Rhel Software Collections

Package	CPE	Advisory	Released Date
OpenStack 3 for RHEL 6
libyaml-0:0.1.3-1.4.el6	cpe:/a:redhat:openstack:3::el6	RHSA-2014:0353	2014-04-02T00:00:00Z
ruby193-libyaml-0:0.1.4-5.1.el6	cpe:/a:redhat:openstack:3::el6	RHSA-2014:0364	2014-04-03T00:00:00Z
OpenStack 4 for RHEL 6
libyaml-0:0.1.3-1.4.el6	cpe:/a:redhat:openstack:4::el6	RHSA-2014:0354	2014-04-02T00:00:00Z
Red Hat Common for RHEL 6
libyaml-0:0.1.3-1.4.el6	cpe:/a:redhat:rhel_common:6::el6	RHSA-2014:0415	2014-04-17T00:00:00Z
Red Hat Software Collections for RHEL-6
ruby193-libyaml-0:0.1.4-5.1.el6	cpe:/a:redhat:rhel_software_collections:1::el6	RHSA-2014:0355	2014-04-02T00:00:00Z

Link	Providers
http://advisories.mageia.org/MGASA-2014-0150.html
http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2014-0353.html
http://rhn.redhat.com/errata/RHSA-2014-0354.html
http://rhn.redhat.com/errata/RHSA-2014-0355.html
http://secunia.com/advisories/57836
http://secunia.com/advisories/57966
http://secunia.com/advisories/57968
http://support.apple.com/kb/HT6443
http://www.debian.org/security/2014/dsa-2884
http://www.debian.org/security/2014/dsa-2885
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.ocert.org/advisories/ocert-2014-003.html
http://www.securityfocus.com/bid/66478
http://www.ubuntu.com/usn/USN-2160-1
https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
https://nvd.nist.gov/vuln/detail/CVE-2014-2525
https://puppet.com/security/cve/cve-2014-2525
https://www.cve.org/CVERecord?id=CVE-2014-2525

Show plain JSON

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-03-26T00:00:00", "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "66478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/66478"}, {"name": "57836", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57836"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2014-2525"}, {"name": "MDVSA-2015:060", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ocert.org/advisories/ocert-2014-003.html"}, {"name": "DSA-2885", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2885"}, {"name": "USN-2160-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2160-1"}, {"name": "openSUSE-SU-2015:0319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "DSA-2884", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2884"}, {"name": "RHSA-2014:0354", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0150.html"}, {"name": "openSUSE-SU-2014:0500", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT6443"}, {"name": "openSUSE-SU-2016:1067", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "RHSA-2014:0353", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"name": "57968", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57968"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"}, {"name": "57966", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/57966"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-2525", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "66478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/66478"}, {"name": "57836", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57836"}, {"name": "https://puppet.com/security/cve/cve-2014-2525", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2014-2525"}, {"name": "MDVSA-2015:060", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "http://www.ocert.org/advisories/ocert-2014-003.html", "refsource": "MISC", "url": "http://www.ocert.org/advisories/ocert-2014-003.html"}, {"name": "DSA-2885", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2885"}, {"name": "USN-2160-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2160-1"}, {"name": "openSUSE-SU-2015:0319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "DSA-2884", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2884"}, {"name": "RHSA-2014:0354", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"name": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/", "refsource": "CONFIRM", "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"}, {"name": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048", "refsource": "CONFIRM", "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"}, {"name": "http://advisories.mageia.org/MGASA-2014-0150.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0150.html"}, {"name": "openSUSE-SU-2014:0500", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"}, {"name": "http://support.apple.com/kb/HT6443", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT6443"}, {"name": "openSUSE-SU-2016:1067", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "RHSA-2014:0353", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"name": "57968", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57968"}, {"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/", "refsource": "CONFIRM", "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"}, {"name": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/", "refsource": "CONFIRM", "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"}, {"name": "57966", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/57966"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:14:26.613Z"}, "title": "CVE Program Container", "references": [{"name": "66478", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/66478"}, {"name": "57836", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57836"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2014-2525"}, {"name": "MDVSA-2015:060", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.ocert.org/advisories/ocert-2014-003.html"}, {"name": "DSA-2885", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2885"}, {"name": "USN-2160-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2160-1"}, {"name": "openSUSE-SU-2015:0319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "DSA-2884", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2884"}, {"name": "RHSA-2014:0354", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0150.html"}, {"name": "openSUSE-SU-2014:0500", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT6443"}, {"name": "openSUSE-SU-2016:1067", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "RHSA-2014:0353", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"name": "57968", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57968"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"}, {"name": "57966", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/57966"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-2525", "datePublished": "2014-03-28T15:00:00", "dateReserved": "2014-03-17T00:00:00", "dateUpdated": "2024-08-06T10:14:26.613Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{

containers : { »

cna : { »

affected : [ »

0 : { »

product : n/a (string)

vendor : n/a (string)

versions : [ »

0 : { »

status : affected (string)

version : n/a (string)

}

]

}

]

datePublic : 2014-03-26T00:00:00 (string)

descriptions : [ »

0 : { »

lang : en (string)

value : Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

description : n/a (string)

lang : en (string)

type : text (string)

}

]

}

]

providerMetadata : { »

dateUpdated : 2017-12-08T10:57:01 (string)

orgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

shortName : mitre (string)

}

references : [ »

0 : { »

name : 66478 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

]

url : http://www.securityfocus.com/bid/66478 (string)

}

1 : { »

name : 57836 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/57836 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://puppet.com/security/cve/cve-2014-2525 (string)

}

3 : { »

name : MDVSA-2015:060 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

]

url : http://www.ocert.org/advisories/ocert-2014-003.html (string)

}

5 : { »

name : DSA-2885 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-2885 (string)

}

6 : { »

name : USN-2160-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

]

url : http://www.ubuntu.com/usn/USN-2160-1 (string)

}

7 : { »

name : openSUSE-SU-2015:0319 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

8 : { »

name : RHSA-2014:0355 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

9 : { »

name : DSA-2884 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

]

url : http://www.debian.org/security/2014/dsa-2884 (string)

}

10 : { »

name : RHSA-2014:0354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://advisories.mageia.org/MGASA-2014-0150.html (string)

}

14 : { »

name : openSUSE-SU-2014:0500 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://support.apple.com/kb/HT6443 (string)

}

16 : { »

name : openSUSE-SU-2016:1067 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

17 : { »

name : RHSA-2014:0353 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

18 : { »

name : 57968 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/57968 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (string)

}

20 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

]

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (string)

}

21 : { »

name : 57966 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

]

url : http://secunia.com/advisories/57966 (string)

}

]

x_legacyV4Record : { »

CVE_data_meta : { »

ASSIGNER : cve@mitre.org (string)

ID : CVE-2014-2525 (string)

STATE : PUBLIC (string)

}

affects : { »

vendor : { »

vendor_data : [ »

0 : { »

product : { »

product_data : [ »

0 : { »

product_name : n/a (string)

version : { »

version_data : [ »

0 : { »

version_value : n/a (string)

}

]

}

]

}

vendor_name : n/a (string)

}

]

}

data_format : MITRE (string)

data_type : CVE (string)

data_version : 4.0 (string)

description : { »

description_data : [ »

0 : { »

lang : eng (string)

value : Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. (string)

}

]

}

problemtype : { »

problemtype_data : [ »

0 : { »

description : [ »

0 : { »

lang : eng (string)

value : n/a (string)

}

]

}

]

}

references : { »

reference_data : [ »

0 : { »

name : 66478 (string)

refsource : BID (string)

url : http://www.securityfocus.com/bid/66478 (string)

}

1 : { »

name : 57836 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/57836 (string)

}

2 : { »

name : https://puppet.com/security/cve/cve-2014-2525 (string)

refsource : CONFIRM (string)

url : https://puppet.com/security/cve/cve-2014-2525 (string)

}

3 : { »

name : MDVSA-2015:060 (string)

refsource : MANDRIVA (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

4 : { »

name : http://www.ocert.org/advisories/ocert-2014-003.html (string)

refsource : MISC (string)

url : http://www.ocert.org/advisories/ocert-2014-003.html (string)

}

5 : { »

name : DSA-2885 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-2885 (string)

}

6 : { »

name : USN-2160-1 (string)

refsource : UBUNTU (string)

url : http://www.ubuntu.com/usn/USN-2160-1 (string)

}

7 : { »

name : openSUSE-SU-2015:0319 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

8 : { »

name : RHSA-2014:0355 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

9 : { »

name : DSA-2884 (string)

refsource : DEBIAN (string)

url : http://www.debian.org/security/2014/dsa-2884 (string)

}

10 : { »

name : RHSA-2014:0354 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

11 : { »

name : http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (string)

refsource : CONFIRM (string)

url : http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (string)

}

12 : { »

name : https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (string)

refsource : CONFIRM (string)

url : https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (string)

}

13 : { »

name : http://advisories.mageia.org/MGASA-2014-0150.html (string)

refsource : CONFIRM (string)

url : http://advisories.mageia.org/MGASA-2014-0150.html (string)

}

14 : { »

name : openSUSE-SU-2014:0500 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html (string)

}

15 : { »

name : http://support.apple.com/kb/HT6443 (string)

refsource : CONFIRM (string)

url : http://support.apple.com/kb/HT6443 (string)

}

16 : { »

name : openSUSE-SU-2016:1067 (string)

refsource : SUSE (string)

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

17 : { »

name : RHSA-2014:0353 (string)

refsource : REDHAT (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

18 : { »

name : 57968 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/57968 (string)

}

19 : { »

name : http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (string)

refsource : CONFIRM (string)

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (string)

}

20 : { »

name : http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (string)

refsource : CONFIRM (string)

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (string)

}

21 : { »

name : 57966 (string)

refsource : SECUNIA (string)

url : http://secunia.com/advisories/57966 (string)

}

]

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-06T10:14:26.613Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

name : 66478 (string)

tags : [ »

0 : vdb-entry (string)

1 : x_refsource_BID (string)

2 : x_transferred (string)

]

url : http://www.securityfocus.com/bid/66478 (string)

}

1 : { »

name : 57836 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/57836 (string)

}

2 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://puppet.com/security/cve/cve-2014-2525 (string)

}

3 : { »

name : MDVSA-2015:060 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_MANDRIVA (string)

2 : x_transferred (string)

]

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

4 : { »

tags : [ »

0 : x_refsource_MISC (string)

1 : x_transferred (string)

]

url : http://www.ocert.org/advisories/ocert-2014-003.html (string)

}

5 : { »

name : DSA-2885 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-2885 (string)

}

6 : { »

name : USN-2160-1 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_UBUNTU (string)

2 : x_transferred (string)

]

url : http://www.ubuntu.com/usn/USN-2160-1 (string)

}

7 : { »

name : openSUSE-SU-2015:0319 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

8 : { »

name : RHSA-2014:0355 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

9 : { »

name : DSA-2884 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_DEBIAN (string)

2 : x_transferred (string)

]

url : http://www.debian.org/security/2014/dsa-2884 (string)

}

10 : { »

name : RHSA-2014:0354 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

11 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (string)

}

12 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (string)

}

13 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://advisories.mageia.org/MGASA-2014-0150.html (string)

}

14 : { »

name : openSUSE-SU-2014:0500 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html (string)

}

15 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://support.apple.com/kb/HT6443 (string)

}

16 : { »

name : openSUSE-SU-2016:1067 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_SUSE (string)

2 : x_transferred (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

17 : { »

name : RHSA-2014:0353 (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_refsource_REDHAT (string)

2 : x_transferred (string)

]

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

18 : { »

name : 57968 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/57968 (string)

}

19 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (string)

}

20 : { »

tags : [ »

0 : x_refsource_CONFIRM (string)

1 : x_transferred (string)

]

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (string)

}

21 : { »

name : 57966 (string)

tags : [ »

0 : third-party-advisory (string)

1 : x_refsource_SECUNIA (string)

2 : x_transferred (string)

]

url : http://secunia.com/advisories/57966 (string)

}

]

}

]

}

cveMetadata : { »

assignerOrgId : 8254265b-2729-46b6-b9e3-3dfca2d5bfca (string)

assignerShortName : mitre (string)

cveId : CVE-2014-2525 (string)

datePublished : 2014-03-28T15:00:00 (string)

dateReserved : 2014-03-17T00:00:00 (string)

dateUpdated : 2024-08-06T10:14:26.613Z (string)

state : PUBLISHED (string)

}

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*", "matchCriteriaId": "BF15A6D7-D1CD-4B9A-8A90-81E441C531EF", "versionEndIncluding": "0.1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F454F77-1AB1-44CF-8E1F-47BD71966CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7892D90-243C-4588-92D0-F49B3443B3DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9759A8FD-7010-4D10-9E26-A03FDDDA187B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.4:*:*:*:*:*:*:*", "matchCriteriaId": "7AE63A49-551A-4C0F-8ED9-AE1DB049B141", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."}, {"lang": "es", "value": "Desbordamiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n yaml_parser_scan_uri_escapes en LibYAML anterior a 0.1.6 permite a atacantes dependientes de contexto ejecutar c\u00f3digo arbitrario a trav\u00e9s de una secuencia larga de caracteres codificados de porcentaje en una URI en un archivo YAML."}], "id": "CVE-2014-2525", "lastModified": "2024-11-21T02:06:28.450", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-03-28T15:55:08.670", "references": [{"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0150.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57836"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57966"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/57968"}, {"source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT6443"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2884"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2014/dsa-2885"}, {"source": "cve@mitre.org", "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"}, {"source": "cve@mitre.org", "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"}, {"source": "cve@mitre.org", "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"source": "cve@mitre.org", "tags": ["US Government Resource"], "url": "http://www.ocert.org/advisories/ocert-2014-003.html"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/66478"}, {"source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2160-1"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"}, {"source": "cve@mitre.org", "url": "https://puppet.com/security/cve/cve-2014-2525"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0150.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57966"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/57968"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT6443"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2014/dsa-2885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["US Government Resource"], "url": "http://www.ocert.org/advisories/ocert-2014-003.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/66478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2160-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch"], "url": "https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/cve-2014-2525"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:* (string)

matchCriteriaId : BF15A6D7-D1CD-4B9A-8A90-81E441C531EF (string)

versionEndIncluding : 0.1.5 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 7F454F77-1AB1-44CF-8E1F-47BD71966CB8 (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4 (string)

vulnerable : true (boolean)

}

3 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:* (string)

matchCriteriaId : A7892D90-243C-4588-92D0-F49B3443B3DB (string)

vulnerable : true (boolean)

}

4 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:* (string)

matchCriteriaId : 9759A8FD-7010-4D10-9E26-A03FDDDA187B (string)

vulnerable : true (boolean)

}

5 : { »

criteria : cpe:2.3:a:pyyaml:libyaml:0.1.4:*:*:*:*:*:*:* (string)

matchCriteriaId : 7AE63A49-551A-4C0F-8ED9-AE1DB049B141 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

1 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:* (string)

matchCriteriaId : 4863BE36-D16A-4D75-90D9-FD76DB5B48B7 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:* (string)

matchCriteriaId : A10BC294-9196-425F-9FB0-B1625465B47F (string)

vulnerable : true (boolean)

}

2 : { »

criteria : cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:* (string)

matchCriteriaId : 03117DF1-3BEC-4B8D-AD63-DBBDB2126081 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

descriptions : [ »

0 : { »

lang : en (string)

value : Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. (string)

}

1 : { »

lang : es (string)

value : Desbordamiento de buffer basado en memoria dinámica en la función yaml_parser_scan_uri_escapes en LibYAML anterior a 0.1.6 permite a atacantes dependientes de contexto ejecutar código arbitrario a través de una secuencia larga de caracteres codificados de porcentaje en una URI en un archivo YAML. (string)

}

]

id : CVE-2014-2525 (string)

lastModified : 2024-11-21T02:06:28.450 (string)

metrics : { »

cvssMetricV2 : [ »

0 : { »

acInsufInfo : false (boolean)

baseSeverity : MEDIUM (string)

cvssData : { »

accessComplexity : MEDIUM (string)

accessVector : NETWORK (string)

authentication : NONE (string)

availabilityImpact : PARTIAL (string)

baseScore : 6.8 (number)

confidentialityImpact : PARTIAL (string)

integrityImpact : PARTIAL (string)

vectorString : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

version : 2.0 (string)

}

exploitabilityScore : 8.6 (number)

impactScore : 6.4 (number)

obtainAllPrivilege : false (boolean)

obtainOtherPrivilege : false (boolean)

obtainUserPrivilege : false (boolean)

source : nvd@nist.gov (string)

type : Primary (string)

userInteractionRequired : false (boolean)

}

]

}

published : 2014-03-28T15:55:08.670 (string)

references : [ »

0 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://advisories.mageia.org/MGASA-2014-0150.html (string)

}

1 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html (string)

}

2 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

3 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

4 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

5 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

6 : { »

source : cve@mitre.org (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

7 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/57836 (string)

}

8 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/57966 (string)

}

9 : { »

source : cve@mitre.org (string)

url : http://secunia.com/advisories/57968 (string)

}

10 : { »

source : cve@mitre.org (string)

url : http://support.apple.com/kb/HT6443 (string)

}

11 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2014/dsa-2884 (string)

}

12 : { »

source : cve@mitre.org (string)

url : http://www.debian.org/security/2014/dsa-2885 (string)

}

13 : { »

source : cve@mitre.org (string)

url : http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (string)

}

14 : { »

source : cve@mitre.org (string)

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (string)

}

15 : { »

source : cve@mitre.org (string)

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (string)

}

16 : { »

source : cve@mitre.org (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

17 : { »

source : cve@mitre.org (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.ocert.org/advisories/ocert-2014-003.html (string)

}

18 : { »

source : cve@mitre.org (string)

url : http://www.securityfocus.com/bid/66478 (string)

}

19 : { »

source : cve@mitre.org (string)

url : http://www.ubuntu.com/usn/USN-2160-1 (string)

}

20 : { »

source : cve@mitre.org (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (string)

}

21 : { »

source : cve@mitre.org (string)

url : https://puppet.com/security/cve/cve-2014-2525 (string)

}

22 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://advisories.mageia.org/MGASA-2014-0150.html (string)

}

23 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html (string)

}

24 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (string)

}

25 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Third Party Advisory (string)

]

url : http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (string)

}

26 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0353.html (string)

}

27 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0354.html (string)

}

28 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://rhn.redhat.com/errata/RHSA-2014-0355.html (string)

}

29 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/57836 (string)

}

30 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/57966 (string)

}

31 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://secunia.com/advisories/57968 (string)

}

32 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://support.apple.com/kb/HT6443 (string)

}

33 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2014/dsa-2884 (string)

}

34 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.debian.org/security/2014/dsa-2885 (string)

}

35 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (string)

}

36 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (string)

}

37 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (string)

}

38 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (string)

}

39 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : US Government Resource (string)

]

url : http://www.ocert.org/advisories/ocert-2014-003.html (string)

}

40 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.securityfocus.com/bid/66478 (string)

}

41 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : http://www.ubuntu.com/usn/USN-2160-1 (string)

}

42 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Exploit (string)

1 : Patch (string)

]

url : https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (string)

}

43 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

url : https://puppet.com/security/cve/cve-2014-2525 (string)

}

]

sourceIdentifier : cve@mitre.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-119 (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"acknowledgement": "Red Hat would like to thank oCERT for reporting this issue.", "affected_release": [{"advisory": "RHSA-2014:0353", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2014-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0364", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "ruby193-libyaml-0:0.1.4-5.1.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2014-04-03T00:00:00Z"}, {"advisory": "RHSA-2014:0354", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2014-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0415", "cpe": "cpe:/a:redhat:rhel_common:6::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "Red Hat Common for RHEL 6", "release_date": "2014-04-17T00:00:00Z"}, {"advisory": "RHSA-2014:0355", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "ruby193-libyaml-0:0.1.4-5.1.el6", "product_name": "Red Hat Software Collections for RHEL-6", "release_date": "2014-04-02T00:00:00Z"}], "bugzilla": {"description": "libyaml: heap-based buffer overflow when parsing URLs", "id": "1078083", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1078083"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2014-2525", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "ruby193-libyaml", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-libyaml", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Enterprise MRG 1"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:network_satellite:5.3", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.3"}, {"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.4"}, {"cpe": "cpe:/a:redhat:network_satellite:5.5", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.5"}, {"cpe": "cpe:/a:redhat:network_satellite:5.6", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Affected", "package_name": "libyaml", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "RHUI for RHEL 6"}], "public_date": "2014-03-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2014-2525\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-2525"], "statement": "Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected.", "threat_severity": "Important"}

{

acknowledgement : Red Hat would like to thank oCERT for reporting this issue. (string)

affected_release : [ »

0 : { »

advisory : RHSA-2014:0353 (string)

cpe : cpe:/a:redhat:openstack:3::el6 (string)

package : libyaml-0:0.1.3-1.4.el6 (string)

product_name : OpenStack 3 for RHEL 6 (string)

release_date : 2014-04-02T00:00:00Z (string)

}

1 : { »

advisory : RHSA-2014:0364 (string)

cpe : cpe:/a:redhat:openstack:3::el6 (string)

package : ruby193-libyaml-0:0.1.4-5.1.el6 (string)

product_name : OpenStack 3 for RHEL 6 (string)

release_date : 2014-04-03T00:00:00Z (string)

}

2 : { »

advisory : RHSA-2014:0354 (string)

cpe : cpe:/a:redhat:openstack:4::el6 (string)

package : libyaml-0:0.1.3-1.4.el6 (string)

product_name : OpenStack 4 for RHEL 6 (string)

release_date : 2014-04-02T00:00:00Z (string)

}

3 : { »

advisory : RHSA-2014:0415 (string)

cpe : cpe:/a:redhat:rhel_common:6::el6 (string)

package : libyaml-0:0.1.3-1.4.el6 (string)

product_name : Red Hat Common for RHEL 6 (string)

release_date : 2014-04-17T00:00:00Z (string)

}

4 : { »

advisory : RHSA-2014:0355 (string)

cpe : cpe:/a:redhat:rhel_software_collections:1::el6 (string)

package : ruby193-libyaml-0:0.1.4-5.1.el6 (string)

product_name : Red Hat Software Collections for RHEL-6 (string)

release_date : 2014-04-02T00:00:00Z (string)

}

]

bugzilla : { »

description : libyaml: heap-based buffer overflow when parsing URLs (string)

id : 1078083 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=1078083 (string)

}

csaw : false (boolean)

cvss : { »

cvss_base_score : 6.8 (string)

cvss_scoring_vector : AV:N/AC:M/Au:N/C:P/I:P/A:P (string)

status : verified (string)

}

cwe : CWE-122 (string)

details : [ »

0 : Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file. (string)

]

mitigation : { »

lang : en:us (string)

value : Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. (string)

}

name : CVE-2014-2525 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:cloudforms_managementengine:5 (string)

fix_state : Not affected (string)

package_name : ruby193-libyaml (string)

product_name : CloudForms Management Engine 5 (string)

}

1 : { »

cpe : cpe:/a:redhat:openshift:1 (string)

fix_state : Will not fix (string)

package_name : ruby193-libyaml (string)

product_name : OpenShift Enterprise 1 (string)

}

2 : { »

cpe : cpe:/o:redhat:enterprise_linux:6 (string)

fix_state : Affected (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise Linux 6 (string)

}

3 : { »

cpe : cpe:/o:redhat:enterprise_linux:7 (string)

fix_state : Not affected (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise Linux 7 (string)

}

4 : { »

cpe : cpe:/a:redhat:enterprise_mrg:1 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise MRG 1 (string)

}

5 : { »

cpe : cpe:/a:redhat:enterprise_mrg:2 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Enterprise MRG 2 (string)

}

6 : { »

cpe : cpe:/a:redhat:network_satellite:5.3 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.3 (string)

}

7 : { »

cpe : cpe:/a:redhat:network_satellite:5.4 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.4 (string)

}

8 : { »

cpe : cpe:/a:redhat:network_satellite:5.5 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.5 (string)

}

9 : { »

cpe : cpe:/a:redhat:network_satellite:5.6 (string)

fix_state : Not affected (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 5.6 (string)

}

10 : { »

cpe : cpe:/a:redhat:satellite:6 (string)

fix_state : Not affected (string)

package_name : libyaml (string)

product_name : Red Hat Satellite 6 (string)

}

11 : { »

cpe : cpe:/a:redhat:rhel_software_collections:1 (string)

fix_state : Not affected (string)

package_name : libyaml (string)

product_name : Red Hat Software Collections (string)

}

12 : { »

cpe : cpe:/a:rhel_sam:1 (string)

fix_state : Affected (string)

package_name : libyaml (string)

product_name : Red Hat Subscription Asset Manager (string)

}

13 : { »

cpe : cpe:/a:redhat:rhui:2 (string)

fix_state : Will not fix (string)

package_name : libyaml (string)

product_name : RHUI for RHEL 6 (string)

}

]

public_date : 2014-03-27T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2014-2525 https://nvd.nist.gov/vuln/detail/CVE-2014-2525 (string)

]

statement : Redhat satellite does not ship libyaml package but instead consumes the package from the RHEL distribution which is why it has been marked as not affected. (string)

threat_severity : Important (string)

}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object