{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3205", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "REJECTED", "assignerShortName": "VulDB", "dateReserved": "2024-04-02T16:38:00.619Z", "datePublished": "2024-04-02T22:31:05.374Z", "dateUpdated": "2024-05-27T15:10:36.308Z", "dateRejected": "2024-05-27T15:10:36.308Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2024-05-27T15:10:36.308Z"}, "rejectedReasons": [{"lang": "en", "value": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue."}], "id": "CVE-2024-3205", "lastModified": "2024-05-27T15:15:08.930", "metrics": {}, "published": "2024-04-02T23:15:54.627", "references": [], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "libyaml: Heap-Based Buffer Overflow", "id": "2272889", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2272889"}, "csaw": false, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "details": ["[REJECTED CVE] A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely."], "name": "CVE-2024-3205", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Not affected", "package_name": "python-ruamel-yaml-clib", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl-YAML-LibYAML", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python-ruamel-yaml-clib", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2024-04-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-3205\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-3205"], "statement": "This CVE has been rejected by upstream: https://github.com/yaml/libyaml/issues/258#issuecomment-2063497383.\nRed Hat has also evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}

{}