Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | libyaml | 2014-04-10 23:54 | ALAS-2014-321 |
Amazon Linux 1 | perl-YAML-LibYAML | 2014-04-17 14:18 | ALAS-2014-324 |
Score Type | Score | Vector | |
---|---|---|---|
Amazon Linux | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |
NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |