CVE-2014-2525
Published: 27 March 2014
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Priority
Status
Package | Release | Status |
---|---|---|
libyaml (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
libyaml | precise | Released (0.1.4-2ubuntu0.12.04.3) |
libyaml | quantal | Released (0.1.4-2ubuntu0.12.10.3) |
libyaml | saucy | Released (0.1.4-2ubuntu0.13.10.3) |
libyaml | upstream | Needed |
libyaml | Patches | vendor: https://www.debian.org/security/2014/dsa-2884 upstream: https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 |
libyaml-libyaml-perl (Launchpad, Ubuntu, Debian) | lucid | Ignored (end of life) |
libyaml-libyaml-perl | precise | Released (0.38-2ubuntu0.1) |
libyaml-libyaml-perl | quantal | Released (0.38-3ubuntu0.12.10.1) |
libyaml-libyaml-perl | saucy | Released (0.38-3ubuntu0.13.10.1) |
libyaml-libyaml-perl | upstream | Released (0.41-5) |
libyaml-libyaml-perl | Patches | vendor: https://www.debian.org/security/2014/dsa-2885 upstream: https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 |