Vulnerability Details : CVE-2013-6393
The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2013-6393
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*
- cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*
- cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-6393
2.24%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 89 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-6393
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2013-6393
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6393
-
http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html
openSUSE-SU-2014:0273-1: moderate: update for libyamlThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0355.html
RHSA-2014:0355 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://www.debian.org/security/2014/dsa-2850
Debian -- Security Information -- DSA-2850-1 libyamlThird Party Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
Broken Link
-
http://rhn.redhat.com/errata/RHSA-2014-0353.html
RHSA-2014:0353 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html
openSUSE-SU-2014:0272-1: moderate: update for libyamlThird Party Advisory
-
http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
Broken Link
-
https://bugzilla.redhat.com/show_bug.cgi?id=1033990
1033990 – (CVE-2013-6393) CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tagsPatch;Issue Tracking
-
http://www.securityfocus.com/bid/65258
LibYAML 'scanner.c' Remote Heap Based Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://advisories.mageia.org/MGASA-2014-0040.html
Mageia Advisory: MGASA-2014-0040 - Updated yaml packages fix CVE-2013-6393Third Party Advisory
-
https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff
Attachment 847926 Details for Bug 1033990 – String overflow patchIssue Tracking
-
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
openSUSE-SU-2015:0319-1: moderate: Security update for perl-YAML-LibYAMLThird Party Advisory
-
https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
xi / libyaml / Commits — BitbucketIssue Tracking
-
https://support.apple.com/kb/HT6536
About the security content of OS X Server v4.0 - Apple SupportThird Party Advisory
-
http://www.debian.org/security/2014/dsa-2870
Debian -- Security Information -- DSA-2870-1 libyaml-libyaml-perlThird Party Advisory
-
http://www.ubuntu.com/usn/USN-2098-1
USN-2098-1: LibYAML vulnerability | Ubuntu security noticesThird Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
mandriva.comThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
openSUSE-SU-2016:1067-1: moderate: Security update for perl-YAML-LibYAMLThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2014-0354.html
RHSA-2014:0354 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
https://puppet.com/security/cve/cve-2013-6393
CVE-2013-6393 | Puppet
Jump to