Date: Thu, 27 Mar 2014 00:07:31 +0100 From: Andrea Barisani <lcars@...rt.org> To: oss-security@...ts.openwall.com, ocert-announce@...ts.ocert.org, bugtraq@...urityfocus.com Subject: [oCERT-2014-003] LibYAML input sanitization errors #2014-003 LibYAML input sanitization errors Description: The LibYAML project is an open source YAML 1.1 parser and emitter written in C. The library is affected by a heap-based buffer overflow which can lead to arbitrary code execution. The vulnerability is caused by lack of proper expansion for the string passed to the yaml_parser_scan_uri_escapes() function. A specially crafted YAML file, with a long sequence of percent-encoded characters in a URL, can be used to trigger the overflow. Affected version: LibYAML <= 0.1.5 Fixed version: LibYAML >= 0.1.6 Credit: vulnerability report received from Ivan Fratric of the Google Security Team. CVE: CVE-2014-2525 Timeline: 2014-03-11: vulnerability report received 2014-03-14: maintainer provides patch for review 2014-03-17: reporter confirms patch 2014-03-17: disclosure coordinated on 2014-03-26 2014-03-18: contacted affected vendors 2014-03-18: assigned CVE 2014-03-26: LibYAML 0.1.6 released 2014-03-26: advisory release References: http://pyyaml.org/wiki/LibYAML https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 Permalink: http://www.ocert.org/advisories/ocert-2014-003.html -- Andrea Barisani | Founder & Project Coordinator oCERT | OSS Computer Security Incident Response Team <lcars@...rt.org> http://www.ocert.org 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E "Pluralitas non est ponenda sine necessitate"
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.