CVE-2014-2525

libyaml: heap-based buffer overflow when parsing URLs

Severity Score

9.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Desbordamiento de buffer basado en memoria dinámica en la función yaml_parser_scan_uri_escapes en LibYAML anterior a 0.1.6 permite a atacantes dependientes de contexto ejecutar código arbitrario a través de una secuencia larga de caracteres codificados de porcentaje en una URI en un archivo YAML.

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Ivan Fratric of the Google Security Team discovered a heap-based buffer overflow vulnerability in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2014-03-17 CVE Reserved
2014-03-26 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-122: Heap-based Buffer Overflow

CAPEC

References (24)

URL	Tag	Source
http://advisories.mageia.org/MGASA-2014-0150.html	Third Party Advisory
http://secunia.com/advisories/57836	Third Party Advisory
http://secunia.com/advisories/57966	Third Party Advisory
http://secunia.com/advisories/57968	Third Party Advisory
http://support.apple.com/kb/HT6443	X_refsource_confirm
http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release	X_refsource_confirm
http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release	X_refsource_confirm
http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release	X_refsource_confirm
http://www.ocert.org/advisories/ocert-2014-003.html	Us Government Resource
http://www.securityfocus.com/bid/66478	Vdb Entry
https://puppet.com/security/cve/cve-2014-2525	X_refsource_confirm

URL	Date	SRC
https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html	2018-10-30
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html	2018-10-30
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2014-0353.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2014-0354.html	2018-10-30
http://rhn.redhat.com/errata/RHSA-2014-0355.html	2018-10-30
http://www.debian.org/security/2014/dsa-2884	2018-10-30
http://www.debian.org/security/2014/dsa-2885	2018-10-30
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060	2018-10-30
http://www.ubuntu.com/usn/USN-2160-1	2018-10-30
https://access.redhat.com/security/cve/CVE-2014-2525	2014-04-17
https://bugzilla.redhat.com/show_bug.cgi?id=1078083	2014-04-17

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Pyyaml Search vendor "Pyyaml"		Libyaml Search vendor "Pyyaml" for product "Libyaml"				<= 0.1.5 Search vendor "Pyyaml" for product "Libyaml" and version " <= 0.1.5"		-		Affected
Pyyaml Search vendor "Pyyaml"		Libyaml Search vendor "Pyyaml" for product "Libyaml"				0.0.1 Search vendor "Pyyaml" for product "Libyaml" and version "0.0.1"		-		Affected
Pyyaml Search vendor "Pyyaml"		Libyaml Search vendor "Pyyaml" for product "Libyaml"				0.1.1 Search vendor "Pyyaml" for product "Libyaml" and version "0.1.1"		-		Affected
Pyyaml Search vendor "Pyyaml"		Libyaml Search vendor "Pyyaml" for product "Libyaml"				0.1.2 Search vendor "Pyyaml" for product "Libyaml" and version "0.1.2"		-		Affected
Pyyaml Search vendor "Pyyaml"		Libyaml Search vendor "Pyyaml" for product "Libyaml"				0.1.3 Search vendor "Pyyaml" for product "Libyaml" and version "0.1.3"		-		Affected
Pyyaml Search vendor "Pyyaml"		Libyaml Search vendor "Pyyaml" for product "Libyaml"				0.1.4 Search vendor "Pyyaml" for product "Libyaml" and version "0.1.4"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.1 Search vendor "Opensuse" for product "Leap" and version "42.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2"		-		Affected