CVE-2014-9130

Name: CVE-2014-9130
Description: scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References: DLA-109-1, DLA-110-1, DLA-127-1, DSA-3102-1, DSA-3103-1, DSA-3115-1
Debian Bugs: 771365, 771366, 772815

Vulnerable and fixed packages

The table below lists information on source packages.

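| Source Package | Release | Version | Status |
|---|---|---|---|
| libyaml (PTS) | jessie | 0.1.6-3 | fixed |
| libyaml | stretch | 0.1.7-2 | fixed |
| libyaml | buster | 0.2.1-1 | fixed |
| libyaml | bullseye | 0.2.2-1 | fixed |
| libyaml | sid, trixie, bookworm | 0.2.5-1 | fixed |
| libyaml-libyaml-perl (PTS) | jessie | 0.41-6 | fixed |
| libyaml-libyaml-perl | stretch | 0.63-2 | fixed |
| libyaml-libyaml-perl | buster | 0.76+repack-1 | fixed |
| libyaml-libyaml-perl | bullseye | 0.82+repack-1 | fixed |
| libyaml-libyaml-perl | bookworm | 0.86+ds-1 | fixed |
| libyaml-libyaml-perl | sid, trixie | 0.902.0+ds-2 | fixed |
| pyyaml (PTS) | jessie | 3.11-2 | fixed |
| pyyaml | stretch | 3.12-1 | fixed |
| pyyaml | buster | 3.13-2 | fixed |
| pyyaml | bullseye | 5.3.1-5 | fixed |
| pyyaml | bookworm | 6.0-3 | fixed |
| pyyaml | sid, trixie | 6.0.2-1 | fixed |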

The information below is based on the following data on fixed versions.

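| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| libyaml | source | squeeze | 0.1.3-1+deb6u5 | | DLA-110-1 | |
| libyaml | source | wheezy | 0.1.4-2+deb7u5 | | DSA-3102-1 | |
| libyaml | source | (unstable) | 0.1.6-3 | | | 771366 |
| libyaml-libyaml-perl | source | squeeze | 0.33-1+squeeze4 | | DLA-109-1 | |
| libyaml-libyaml-perl | source | wheezy | 0.38-3+deb7u3 | | DSA-3103-1 | |
| libyaml-libyaml-perl | source | (unstable) | 0.41-6 | | | 771365 |
| pyyaml | source | squeeze | 3.09-5+deb6u1 | | DLA-127-1 | |
| pyyaml | source | wheezy | 3.10-4+deb7u1 | | DSA-3115-1 | |
| pyyaml | source | (unstable) | 3.11-2 | | | 772815 |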

Notes

https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
for pyyaml: might need to be removed here (no CVE assigned) or separate CVE
for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/
