Vulnerability Details : CVE-2013-6393

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

Vulnerability category: OverflowExecute codeDenial of service

Published 2014-02-06 22:55:03

Updated 2018-10-30 16:27:36

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2013-6393

Probability of exploitation activity in the next 30 days: 2.20%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 88 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2013-6393

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.8	MEDIUM	AV:N/AC:M/Au:N/C:P/I:P/A:P	8.6	6.4	nvd@nist.gov
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2013-6393

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2013-6393

http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html

openSUSE-SU-2014:0273-1: moderate: update for libyaml
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2014-0355.html

RHSA-2014:0355 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2850

Debian -- Security Information -- DSA-2850-1 libyaml
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html

Broken Link

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0353.html

RHSA-2014:0353 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html

openSUSE-SU-2014:0272-1: moderate: update for libyaml
Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html

Broken Link

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=1033990

1033990 – (CVE-2013-6393) CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags
Patch;Issue Tracking
http://www.securityfocus.com/bid/65258

LibYAML 'scanner.c' Remote Heap Based Buffer Overflow Vulnerability
Third Party Advisory;VDB Entry
http://advisories.mageia.org/MGASA-2014-0040.html

Mageia Advisory: MGASA-2014-0040 - Updated yaml packages fix CVE-2013-6393
Third Party Advisory
https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff

Attachment 847926 Details for Bug 1033990 – String overflow patch
Issue Tracking
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html

openSUSE-SU-2015:0319-1: moderate: Security update for perl-YAML-LibYAML
Third Party Advisory

CVEs referencing this url
https://bitbucket.org/xi/libyaml/commits/tag/0.1.5

xi / libyaml / Commits — Bitbucket
Issue Tracking
https://support.apple.com/kb/HT6536

About the security content of OS X Server v4.0 - Apple Support
Third Party Advisory

CVEs referencing this url
http://www.debian.org/security/2014/dsa-2870

Debian -- Security Information -- DSA-2870-1 libyaml-libyaml-perl
Third Party Advisory
http://www.ubuntu.com/usn/USN-2098-1

USN-2098-1: LibYAML vulnerability | Ubuntu security notices
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060

mandriva.com
Third Party Advisory

CVEs referencing this url
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html

openSUSE-SU-2016:1067-1: moderate: Security update for perl-YAML-LibYAML
Third Party Advisory

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2014-0354.html

RHSA-2014:0354 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
https://puppet.com/security/cve/cve-2013-6393

CVE-2013-6393 | Puppet

Products affected by CVE-2013-6393

Debian » Debian Linux » Version: 6.0
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Matching versions
Debian » Debian Linux » Version: 7.0
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 4.0
cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
Matching versions
Redhat » Openstack » Version: 3.0
cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.10
cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 12.04 LTS Edition
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 13.10
cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 11.4
cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.2
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Matching versions
Opensuse » Opensuse » Version: 13.1
cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Matching versions
Opensuse » Leap » Version: 42.1
cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
Matching versions
Pyyaml » Libyaml
Versions up to, including, (<=) 0.1.4
cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*
Matching versions
Pyyaml » Libyaml » Version: 0.1.2
cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*
Matching versions
Pyyaml » Libyaml » Version: 0.1.1
cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*
Matching versions
Pyyaml » Libyaml » Version: 0.0.1
cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*
Matching versions
Pyyaml » Libyaml » Version: 0.1.3
cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*
Matching versions