CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

Published: Feb 6, 2014
Updated: May 9, 2024
CVE: CVE-2013-6393
GHSA: GHSA-m75h-cghq-c8h5
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
pyyaml / libyaml	0.1.2	0.1.2.x
pyyaml / libyaml	0.1.3	0.1.3.x
pyyaml / libyaml	0.1.1	0.1.1.x
pyyaml / libyaml	-	0.1.4.x
pyyaml / libyaml	0.0.1	0.0.1.x
canonical / ubuntu_linux	13.10	13.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	12.10	12.10.x
redhat / openstack	4.0	4.0.x
redhat / openstack	3.0	3.0.x
debian / debian_linux	7.0	7.0.x
debian / debian_linux	6.0	6.0.x
opensuse / opensuse	11.4	11.4.x
opensuse / leap	42.1	42.1.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x
libyaml	-	0.2.3

Vulnerability Database

289,599

CVE-2013-6393