scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Pyyaml
  • Libyaml
Redhat
  • Enterprise Linux
  • Openstack
  • Rhel Software Collections

Configuration 1 [-]

OR cpe:2.3:a:pyyaml:libyaml:0.1.5:*:*:*:*:*:*:*
cpe:2.3:a:pyyaml:libyaml:0.1.6:*:*:*:*:*:*:*
Package CPE Advisory Released Date
OpenStack 4 for RHEL 6
libyaml-0:0.1.3-4.el6_6 cpe:/a:redhat:openstack:4::el6 RHSA-2015:0260 2015-02-23T00:00:00Z
Red Hat Enterprise Linux 6
libyaml-0:0.1.3-4.el6_6 cpe:/o:redhat:enterprise_linux:6 RHSA-2015:0100 2015-01-28T00:00:00Z
Red Hat Enterprise Linux 7
libyaml-0:0.1.4-11.el7_0 cpe:/o:redhat:enterprise_linux:7 RHSA-2015:0100 2015-01-28T00:00:00Z
Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6
libyaml-0:0.1.3-4.el6_6 cpe:/a:redhat:openstack:5::el6 RHSA-2015:0260 2015-02-23T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6
libyaml-0:0.1.3-4.el6_6 cpe:/a:redhat:rhel_software_collections:1::el6 RHSA-2015:0112 2015-02-02T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS
libyaml-0:0.1.3-4.el6_6 cpe:/a:redhat:rhel_software_collections:1::el6 RHSA-2015:0112 2015-02-02T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS
libyaml-0:0.1.3-4.el6_6 cpe:/a:redhat:rhel_software_collections:1::el6 RHSA-2015:0112 2015-02-02T00:00:00Z
Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS
libyaml-0:0.1.3-4.el6_6 cpe:/a:redhat:rhel_software_collections:1::el6 RHSA-2015:0112 2015-02-02T00:00:00Z
References
Link Providers
http://advisories.mageia.org/MGASA-2014-0508.html cve-icon cve-icon
http://linux.oracle.com/errata/ELSA-2015-0100.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-0100.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-0112.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-0260.html cve-icon cve-icon
http://secunia.com/advisories/59947 cve-icon cve-icon
http://secunia.com/advisories/60944 cve-icon cve-icon
http://secunia.com/advisories/62164 cve-icon cve-icon
http://secunia.com/advisories/62174 cve-icon cve-icon
http://secunia.com/advisories/62176 cve-icon cve-icon
http://secunia.com/advisories/62705 cve-icon cve-icon
http://secunia.com/advisories/62723 cve-icon cve-icon
http://secunia.com/advisories/62774 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3102 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3103 cve-icon cve-icon
http://www.debian.org/security/2014/dsa-3115 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2014/11/28/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2014/11/28/8 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2014/11/29/3 cve-icon cve-icon
http://www.securityfocus.com/bid/71349 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2461-1 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2461-2 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-2461-3 cve-icon cve-icon
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 cve-icon cve-icon
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2014-9130 cve-icon
https://puppet.com/security/cve/cve-2014-9130 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2014-9130 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-12-08T16:00:00

Updated: 2024-08-06T13:33:13.456Z

Reserved: 2014-11-28T00:00:00

Link: CVE-2014-9130

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-12-08T16:59:04.450

Modified: 2024-11-21T02:20:15.763

Link: CVE-2014-9130

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-11-26T00:00:00Z

Links: CVE-2014-9130 - Bugzilla