// For flags

CVE-2014-9130

libyaml: assert failure when processing wrapped strings

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

scanner.c en LibYAML 0.1.5 y 0.1.6, utilizado en el módulo YAML-LibYAML (también conocido como YAML-XS) para Perl, permite a atacantes dependientes de contexto causar una denegación de servicio (fallo de aserción y caída) a través de vectores que involucran la envoltura de líneas (line-wrapping).

An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-11-28 CVE Reserved
  • 2014-12-08 CVE Published
  • 2024-07-20 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-20: Improper Input Validation
  • CWE-617: Reachable Assertion
CAPEC
References (33)
URL Date SRC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pyyaml
Search vendor "Pyyaml"
Libyaml
Search vendor "Pyyaml" for product "Libyaml"
0.1.5
Search vendor "Pyyaml" for product "Libyaml" and version "0.1.5"
-
Affected
Pyyaml
Search vendor "Pyyaml"
Libyaml
Search vendor "Pyyaml" for product "Libyaml"
0.1.6
Search vendor "Pyyaml" for product "Libyaml" and version "0.1.6"
-
Affected