CVE-2014-2525

Publication date 27 March 2014

Last updated 24 July 2024

Ubuntu priority

Description

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
libyaml	13.10 saucy	Fixed 0.1.4-2ubuntu0.13.10.3
	12.10 quantal	Fixed 0.1.4-2ubuntu0.12.10.3
	12.04 LTS precise	Fixed 0.1.4-2ubuntu0.12.04.3
	10.04 LTS lucid	Ignored end of life
libyaml-libyaml-perl	13.10 saucy	Fixed 0.38-3ubuntu0.13.10.1
	12.10 quantal	Fixed 0.38-3ubuntu0.12.10.1
	12.04 LTS precise	Fixed 0.38-2ubuntu0.1
	10.04 LTS lucid	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libyaml	Vendor: https://www.debian.org/security/2014/dsa-2884 Upstream: https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
libyaml-libyaml-perl	Vendor: https://www.debian.org/security/2014/dsa-2885 Upstream: https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048

CVE-2014-2525

Description

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references