Debian Security Advisory DSA 2850-1 (libyaml - Heap-based Buffer Overflow) Network Vulnerability

Summary

Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

Solution

For the oldstable distribution (squeeze), this problem has been fixed in version 0.1.3-1+deb6u2. For the stable distribution (wheezy), this problem has been fixed in version 0.1.4-2+deb7u2. For the unstable distribution (sid), this problem has been fixed in version 0.1.4-3. We recommend that you upgrade your libyaml packages.

Affected

libyaml on Debian Linux

Detection

This check tests the installed software version using the apt package manager.

References

http://www.debian.org/security/2014/dsa-2850.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-6393

CVSS	Base Score: 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 2850-1 (libyaml - heap-based buffer overflow)

Take action and discover your vulnerabilities