Improper input validation in Pyyaml Libyaml

CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.576 (98.2th percentile) — read the EPSS interpretation.

Affected products

Pyyaml Libyaml — versions 0.1.5, 0.1.6
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

References

62705 (x_refsource_SECUNIA, third-party-advisory)
cve@mitre.org (x_refsource_CONFIRM, Exploit)
71349 (vdb-entry, x_refsource_BID)
DSA-3102 (vendor-advisory, x_refsource_DEBIAN)
62174 (x_refsource_SECUNIA, third-party-advisory)
RHSA-2015:0112 (x_refsource_REDHAT, vendor-advisory)
[oss-security] 20141128 libyaml / YAML-LibYAML DoS (mailing-list, x_refsource_MLIST, Exploit)
MDVSA-2015:060 (vendor-advisory, x_refsource_MANDRIVA)
USN-2461-3 (x_refsource_UBUNTU, vendor-advisory)
DSA-3115 (vendor-advisory, x_refsource_DEBIAN)