CVE-2014-2525
⚪ Informational
Heap-based buffer overflow in LibYAML before 0.1.6 allows arbitrary code execution via a long sequence of percent-encoded characters in a URI in a crafted YAML file.
CVSS
6.8
EPSS
63.2%
Exploit
poc
Vendor
pyyaml
Source description (NVD)
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
buffer-overflow exploit
Patch: fixed upstream in LibYAML 0.1.6 (commit bce8b60f0b9af69fa9fab3093d0a41ba243de048, listed under References); the Debian, Red Hat, Ubuntu, openSUSE, Mageia and Mandriva advisories below carry the distribution backports.
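The NVD text names the bug class but not the mechanism. The following C program is an added illustration, not LibYAML's code: it models a scanner string that the caller grows for ordinary characters but that the escape decoder writes into without reserving room, and the same decoder with a capacity check before each copied octet, which is the shape of the 0.1.6 fix. The names scan_string_t, string_extend, scan_uri_escapes and decode_uri are this example's own, the "tag:" plus repeated "%E2%82%AC" input is constructed, and instead of corrupting the heap the unsafe variant returns SCAN_OVERFLOW at the exact write that would land past the allocation.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not LibYAML's code: a model of the pre-0.1.6 bug class.
 * The caller reserves room for plain bytes, but the %XX decoder copies up to
 * four octets per UTF-8 sequence; without its own reservation a long run of
 * escapes walks off the end of the heap buffer. */
typedef struct {
    unsigned char *start;    /* heap allocation */
    unsigned char *end;      /* one past the allocation */
    unsigned char *pointer;  /* next write position */
} scan_string_t;

enum { SCAN_OVERFLOW = -1, SCAN_BAD_ESCAPE = 0, SCAN_OK = 1 };

static int string_init(scan_string_t *s, size_t cap) {
    s->start = calloc(cap, 1);
    if (!s->start) return 0;
    s->pointer = s->start;
    s->end = s->start + cap;
    return 1;
}

static void string_free(scan_string_t *s) { free(s->start); s->start = s->pointer = s->end = NULL; }

/* Guarantee five spare bytes (four octets plus NUL), doubling the buffer if needed. */
static int string_extend(scan_string_t *s) {
    if (s->pointer + 5 <= s->end) return 1;
    size_t len = (size_t)(s->pointer - s->start), cap = (size_t)(s->end - s->start) * 2;
    unsigned char *n = realloc(s->start, cap);
    if (!n) return 0;
    memset(n + len, 0, cap - len);
    s->start = n; s->pointer = n + len; s->end = n + cap;
    return 1;
}

static int hexval(unsigned char c) { return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10; }

/* Decode one %XX-escaped UTF-8 sequence at *in into s and advance *in.
 * safe == 0: the vulnerable pattern, nothing reserved before the copy; the model
 *            reports SCAN_OVERFLOW where the real code would write out of bounds.
 * safe == 1: reserve room before every copy (the shape of the 0.1.6 fix). */
static int scan_uri_escapes(const char **in, scan_string_t *s, int safe) {
    const char *p = *in;
    int width = 0;
    do {
        if (p[0] != '%' || !isxdigit((unsigned char)p[1]) || !isxdigit((unsigned char)p[2]))
            return SCAN_BAD_ESCAPE;
        unsigned char octet = (unsigned char)((hexval((unsigned char)p[1]) << 4) | hexval((unsigned char)p[2]));
        if (!width) {   /* leading octet fixes the sequence length */
            width = (octet & 0x80) == 0x00 ? 1 : (octet & 0xE0) == 0xC0 ? 2 :
                    (octet & 0xF0) == 0xE0 ? 3 : (octet & 0xF8) == 0xF0 ? 4 : 0;
            if (!width) return SCAN_BAD_ESCAPE;
        } else if ((octet & 0xC0) != 0x80) {
            return SCAN_BAD_ESCAPE;   /* continuation byte expected */
        }
        if (safe) { if (!string_extend(s)) return SCAN_OVERFLOW; }
        else if (s->pointer >= s->end) return SCAN_OVERFLOW;  /* real code writes anyway */
        *(s->pointer++) = octet;
        p += 3;
    } while (--width);
    *in = p;
    return SCAN_OK;
}

/* Decode a whole URI into a buffer of cap bytes: plain bytes get the caller-side
 * reservation, as in the original scanner; escapes go through scan_uri_escapes(). */
static int decode_uri(const char *uri, size_t cap, int safe, size_t *out_len) {
    scan_string_t s;
    int rc = SCAN_OK;
    if (!string_init(&s, cap)) return SCAN_OVERFLOW;
    while (*uri && rc == SCAN_OK) {
        if (*uri == '%') rc = scan_uri_escapes(&uri, &s, safe);
        else if (string_extend(&s)) *(s.pointer++) = (unsigned char)*uri++;
        else rc = SCAN_OVERFLOW;
    }
    if (out_len) *out_len = (size_t)(s.pointer - s.start);
    string_free(&s);
    return rc;
}

/* Constructed input: "tag:" followed by reps copies of %E2%82%AC (U+20AC), decoded
 * into a buffer of cap bytes. Returns the SCAN_* code; length via out_len if non-NULL. */
static int decode_long_uri(size_t reps, size_t cap, int safe, size_t *out_len) {
    char *u = malloc(4 + 9 * reps + 1);
    if (!u) return SCAN_OVERFLOW;
    strcpy(u, "tag:");
    for (size_t i = 0; i < reps; i++) strcat(u, "%E2%82%AC");
    int rc = decode_uri(u, cap, safe, out_len);
    free(u);
    return rc;
}

static size_t safe_decoded_length(size_t reps, size_t cap) {
    size_t n = 0;
    return decode_long_uri(reps, cap, 1, &n) == SCAN_OK ? n : 0;
}

/* Safe-mode decode of one escape sequence, compared byte for byte with expect. */
static int decodes_to(const char *escaped, const char *expect, size_t n) {
    scan_string_t s;
    const char *p = escaped;
    if (!string_init(&s, 8)) return 0;
    int ok = scan_uri_escapes(&p, &s, 1) == SCAN_OK && *p == '\0'
             && (size_t)(s.pointer - s.start) == n && memcmp(s.start, expect, n) == 0;
    string_free(&s);
    return ok;
}

int main(void) {
    printf("1 escape, 16-byte buffer, unsafe:   rc=%d\n", decode_long_uri(1, 16, 0, NULL));
    printf("10 escapes, 16-byte buffer, unsafe: rc=%d (overflow)\n", decode_long_uri(10, 16, 0, NULL));
    printf("10 escapes, 16-byte buffer, safe:   len=%zu\n", safe_decoded_length(10, 16));
    return 0;
}
```

A single escape fits in the slack the caller's reservation leaves, which is why the NVD text says a long sequence is needed; with a 16-byte starting buffer the unsafe decoder runs out of room on the fifth escape, while the hardened decoder grows the buffer and decodes all 34 bytes.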
Sources and dates
| Source | Value |
|---|---|
| NVD CVSS | 6.8 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 63.2% |
| Published (NVD) | 2014-03-28 15:55:08 UTC |
| Last modified (NVD) | 2026-05-06 22:30:45 UTC |
References
- http://advisories.mageia.org/MGASA-2014-0150.html (cve@mitre.org) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2014-04/msg00022.html (cve@mitre.org) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html (cve@mitre.org) [Third Party Advisory]
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html (cve@mitre.org) [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-0353.html (cve@mitre.org)
- http://rhn.redhat.com/errata/RHSA-2014-0354.html (cve@mitre.org)
- http://rhn.redhat.com/errata/RHSA-2014-0355.html (cve@mitre.org)
- http://secunia.com/advisories/57836 (cve@mitre.org)
- http://secunia.com/advisories/57966 (cve@mitre.org)
- http://secunia.com/advisories/57968 (cve@mitre.org)
- http://support.apple.com/kb/HT6443 (cve@mitre.org)
- http://www.debian.org/security/2014/dsa-2884 (cve@mitre.org)
- http://www.debian.org/security/2014/dsa-2885 (cve@mitre.org)
- http://www.getchef.com/blog/2014/04/09/chef-server-11-0-12-release/ (cve@mitre.org)
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-1-4-9-release/ (cve@mitre.org)
- http://www.getchef.com/blog/2014/04/09/enterprise-chef-11-1-3-release/ (cve@mitre.org)
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060 (cve@mitre.org)
- http://www.ocert.org/advisories/ocert-2014-003.html (cve@mitre.org) [US Government Resource]
- http://www.securityfocus.com/bid/66478 (cve@mitre.org)
- http://www.ubuntu.com/usn/USN-2160-1 (cve@mitre.org)
- https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048 (cve@mitre.org) [Exploit, Patch]
- https://puppet.com/security/cve/cve-2014-2525 (cve@mitre.org)