CVE-2014-2525

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

References

http://advisories.mageia.org/MGASA-2014-0150.html

http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html

http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html

http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html

http://rhn.redhat.com/errata/RHSA-2014-0353.html

http://rhn.redhat.com/errata/RHSA-2014-0354.html

http://rhn.redhat.com/errata/RHSA-2014-0355.html

http://secunia.com/advisories/57836

http://secunia.com/advisories/57966

http://secunia.com/advisories/57968

http://support.apple.com/kb/HT6443

http://www.debian.org/security/2014/dsa-2884

http://www.debian.org/security/2014/dsa-2885

http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/

http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/

http://www.mandriva.com/security/advisories?name=MDVSA-2015:060

http://www.ocert.org/advisories/ocert-2014-003.html

http://www.securityfocus.com/bid/66478

http://www.ubuntu.com/usn/USN-2160-1

https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048

https://puppet.com/security/cve/cve-2014-2525

Details

Source: MITRE

Published: 2014-03-28

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

View all (26 total)

IDNameProductFamilySeverity
124948EulerOS Virtualization 3.0.1.0 : libyaml (EulerOS-SA-2019-1445)NessusHuawei Local Security Checks
medium
90563openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2016-473)NessusSuSE Local Security Checks
medium
83869SUSE SLED12 / SLES12 Security Update : perl-YAML-LibYAML (SUSE-SU-2015:0953-2)NessusSuSE Local Security Checks
medium
83868SUSE SLES12 Security Update : perl-YAML-LibYAML (SUSE-SU-2015:0953-1)NessusSuSE Local Security Checks
medium
81943Mandriva Linux Security Advisory : yaml (MDVSA-2015:060)NessusMandriva Local Security Checks
medium
81417openSUSE Security Update : perl-YAML-LibYAML (openSUSE-2015-162)NessusSuSE Local Security Checks
medium
79012RHEL 6 : libyaml (RHSA-2014:0415)NessusRed Hat Local Security Checks
medium
8394Mac OS X < 10.9.5 Multiple Vulnerabilities (Security Update 2014-004)Nessus Network MonitorWeb Clients
critical
77748Mac OS X 10.9.x < 10.9.5 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
75319openSUSE Security Update : libyaml (openSUSE-SU-2014:0500-1)NessusSuSE Local Security Checks
medium
74171GLSA-201405-27 : LibYAML: Arbitrary code executionNessusGentoo Local Security Checks
medium
74126CentOS 6 : Important: / ruby193-libyaml (CESA-2014:0355)NessusCentOS Local Security Checks
medium
73652Amazon Linux AMI : perl-YAML-LibYAML (ALAS-2014-324)NessusAmazon Linux Local Security Checks
medium
73649Amazon Linux AMI : libyaml (ALAS-2014-321)NessusAmazon Linux Local Security Checks
medium
73637Slackware 13.1 / 13.37 / 14.0 / 14.1 / current : libyaml (SSA:2014-111-01)NessusSlackware Local Security Checks
medium
73446Mandriva Linux Security Advisory : yaml (MDVSA-2014:071)NessusMandriva Local Security Checks
medium
73445Mandriva Linux Security Advisory : perl-YAML-LibYAML (MDVSA-2014:069)NessusMandriva Local Security Checks
medium
73366Fedora 20 : perl-YAML-LibYAML-0.41-4.fc20 (2014-4548)NessusFedora Local Security Checks
medium
73364Fedora 19 : perl-YAML-LibYAML-0.41-4.fc19 (2014-4517)NessusFedora Local Security Checks
medium
73358Fedora 20 : libyaml-0.1.6-1.fc20 (2014-4440)NessusFedora Local Security Checks
medium
73357Fedora 19 : libyaml-0.1.6-1.fc19 (2014-4438)NessusFedora Local Security Checks
medium
73329Ubuntu 12.04 LTS / 12.10 / 13.10 : libyaml-libyaml-perl vulnerabilities (USN-2161-1)NessusUbuntu Local Security Checks
medium
73328Ubuntu 12.04 LTS / 12.10 / 13.10 : libyaml vulnerability (USN-2160-1)NessusUbuntu Local Security Checks
medium
73321FreeBSD : LibYAML input sanitization errors (580cc46b-bb1e-11e3-b144-2c4138874f7d)NessusFreeBSD Local Security Checks
medium
73215Debian DSA-2885-1 : libyaml-libyaml-perl - security updateNessusDebian Local Security Checks
medium
73214Debian DSA-2884-1 : libyaml - security updateNessusDebian Local Security Checks
medium