[v3.0] yaml: reachable assertion issue in the libyaml (CVE-2014-9130)
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
References:
http://seclists.org/oss-sec/2014/q4/854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9130
MISC:https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
CONFIRM:https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
(from redmine: issue id 3772, created on 2015-01-27, closed on 2017-06-06)
- Relations:
- parent #3771 (closed)