CVE-2014-9130

Published: Dec 8, 2014Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Affected (2)

Products: Pyyaml: Libyaml

Pyyaml

1 product

Libyaml

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Pyyaml Libyaml	Version 0.1.5
Pyyaml Libyaml	Version 0.1.6

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (62)

http://advisories.mageia.org/MGASA-2014-0508.html

Source: cve@mitre.org

http://linux.oracle.com/errata/ELSA-2015-0100.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0100.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0112.html

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2015-0260.html

Source: cve@mitre.org

http://secunia.com/advisories/59947

Source: cve@mitre.org

http://secunia.com/advisories/60944

Source: cve@mitre.org

http://secunia.com/advisories/62164

Source: cve@mitre.org

http://secunia.com/advisories/62174

Source: cve@mitre.org

http://secunia.com/advisories/62176

Source: cve@mitre.org

http://secunia.com/advisories/62705

Source: cve@mitre.org

http://secunia.com/advisories/62723

Source: cve@mitre.org

http://secunia.com/advisories/62774

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-3102

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-3103

Source: cve@mitre.org

http://www.debian.org/security/2014/dsa-3115

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2014:242

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2015:060

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/11/28/1

Source: cve@mitre.org

Exploit

http://www.openwall.com/lists/oss-security/2014/11/28/8

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2014/11/29/3

Source: cve@mitre.org

http://www.securityfocus.com/bid/71349

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2461-1

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2461-2

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-2461-3

Source: cve@mitre.org

https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2

Source: cve@mitre.org

Exploit

https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/99047

Source: cve@mitre.org

https://puppet.com/security/cve/cve-2014-9130

Source: cve@mitre.org

http://advisories.mageia.org/MGASA-2014-0508.html