ALAS-2014-324 ---- perl-YAML-LibYAML
ID: oval:org.secpod.oval:def:1600081 | Date: (C)2016-01-07 (M)2022-10-10 |
Class: PATCH | Family: unix |
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow. Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
Platform: |
Amazon Linux AMI |
Product: |
perl-YAML-LibYAML |