FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2013-6393

This CVE name corresponds to:

Entered: 2014-02-01
Topic: libyaml heap overflow resulting in possible code execution

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2013-6393
Phase: Assigned (20131104)

Description

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

References

Source   Reference
MISC https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff
CONFIRM https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=1033990
CONFIRM https://support.apple.com/kb/HT6536
CONFIRM http://advisories.mageia.org/MGASA-2014-0040.html
APPLE APPLE-SA-2014-04-22-1
APPLE APPLE-SA-2014-10-16-3
DEBIAN DSA-2850
DEBIAN DSA-2870
MANDRIVA MDVSA-2015:060
REDHAT RHSA-2014:0353
REDHAT RHSA-2014:0354
REDHAT RHSA-2014:0355
SUSE openSUSE-SU-2014:0272
SUSE openSUSE-SU-2014:0273
SUSE openSUSE-SU-2015:0319
SUSE openSUSE-SU-2016:1067
UBUNTU USN-2098-1
BID 65258
OSVDB 102716