CVE-2024-3205 - Vulnerability Details - OpenCVE

Description

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue.

Published: 2024-04-02

Score: 0.0 Low

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

No data.

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://nvd.nist.gov/vuln/detail/CVE-2024-3205
https://www.cve.org/CVERecord?id=CVE-2024-3205

History

Fri, 14 Mar 2025 02:45:00 +0000

Type	Values Removed	Values Added
Weaknesses	CWE-122

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: VulDB

Published: 2024-04-02T22:31:05.374Z

Updated: 2024-05-27T15:10:36.308Z

Reserved: 2024-04-02T16:38:00.619Z

Link: CVE-2024-3205

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2024-04-02T23:15:54.627

Modified: 2024-05-27T15:15:08.930

Link: CVE-2024-3205

Redhat

Severity :

Publid Date: 2024-04-02T00:00:00Z

Links: CVE-2024-3205 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

No weakness.

{"bugzilla": {"description": "libyaml: Heap-Based Buffer Overflow", "id": "2272889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272889"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "details": ["[REJECTED CVE] A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely."], "name": "CVE-2024-3205", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "python-ruamel-yaml-clib", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl-YAML-LibYAML", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python-ruamel-yaml-clib", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3205\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3205"], "statement": "This CVE has been rejected by upstream: https://github.com/yaml/libyaml/issues/258#issuecomment-2063497383.\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}