CVE-2013-6393
Description
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
8.06
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Fast YAML 1.1 parser and emitter library (USN-2098-1) libyaml-0-2_0.1.4-2ubuntu0.12.04.4_i386.deb | Linux |
| Fast YAML 1.1 parser and emitter library (USN-2098-1) libyaml-0-2_0.1.4-2ubuntu0.12.04.4_amd64.deb | Linux |
| Perl interface to libyaml, a YAML implementation (USN-2161-1) libyaml-libyaml-perl_0.38-2ubuntu0.2_i386.deb | Linux |
| Perl interface to libyaml, a YAML implementation (USN-2161-1) libyaml-libyaml-perl_0.38-2ubuntu0.2_amd64.deb | Linux |
| libyaml-libyaml-perl security update (DSA-3103-1) libyaml-libyaml-perl_0.38-3+deb7u3_i386.deb | Linux |
| SUSE-SU-2015:0953-2 (SUSE Linux Enterprise Desktop 12) perl-YAML-LibYAML-0.38-10.1.x86_64.rpm | Linux |
| SUSE-SU-2015:0953-2 (SUSE Linux Enterprise Desktop 12) perl-YAML-LibYAML-debuginfo-0.38-10.1.x86_64.rpm | Linux |
| SUSE-SU-2015:0953-2 (SUSE Linux Enterprise Desktop 12) perl-YAML-LibYAML-debugsource-0.38-10.1.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234