CVE-2014-2525

Published Mar 28, 2014

Last updated 3 months ago

CVSS info 6.8

Overview

Description: Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BF15A6D7-D1CD-4B9A-8A90-81E441C531EF",
            "versionEndIncluding": "0.1.5"
          },
          {
            "criteria": "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7F454F77-1AB1-44CF-8E1F-47BD71966CB8"
          },
          {
            "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4"
          },
          {
            "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A7892D90-243C-4588-92D0-F49B3443B3DB"
          },
          {
            "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9759A8FD-7010-4D10-9E26-A03FDDDA187B"
          },
          {
            "criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7AE63A49-551A-4C0F-8ED9-AE1DB049B141"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References