Vulnerability Details : CVE-2014-9130
Potential exploit
scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
Vulnerability category: Denial of service
Products affected by CVE-2014-9130
- cpe:2.3:a:pyyaml:libyaml:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:pyyaml:libyaml:0.1.5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-9130
- EPSS score: 60.42% (probability of exploitation activity in the next 30 days)
- Percentile: ~98% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2014-9130
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-9130
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-9130
- http://www.ubuntu.com/usn/USN-2461-2
  USN-2461-2: libyaml-libyaml-perl vulnerability | Ubuntu security notices
- http://www.debian.org/security/2014/dsa-3102
  Debian -- Security Information -- DSA-3102-1 libyaml
- http://secunia.com/advisories/62164
- http://rhn.redhat.com/errata/RHSA-2015-0112.html
  RHSA-2015:0112 - Security Advisory - Red Hat Customer Portal
- https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
  xi / libyaml / commit / 2b9156756423 — Bitbucket [Exploit]
- http://secunia.com/advisories/59947
- https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
  xi / libyaml / issues / #10 - Wrapped strings cause assert failure — Bitbucket [Exploit]
- https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
  LibYAML and the perl YAML-LibYAML module scanner.c denial of service CVE-2014-9130 Vulnerability Report
- http://secunia.com/advisories/60944
- http://www.openwall.com/lists/oss-security/2014/11/28/1
  oss-security - libyaml / YAML-LibYAML DoS [Exploit]
- http://rhn.redhat.com/errata/RHSA-2015-0100.html
  RHSA-2015:0100 - Security Advisory - Red Hat Customer Portal
- http://secunia.com/advisories/62774
- http://rhn.redhat.com/errata/RHSA-2015-0260.html
  RHSA-2015:0260 - Security Advisory - Red Hat Customer Portal
- http://www.ubuntu.com/usn/USN-2461-1
  USN-2461-1: LibYAML vulnerability | Ubuntu security notices
- http://www.securityfocus.com/bid/71349
  LibYAML and Perl YAML-LibYAML Module 'scanner.c' Remote Denial of Service Vulnerability
- http://advisories.mageia.org/MGASA-2014-0508.html
  Mageia Advisory: MGASA-2014-0508 - Updated yaml & perl-YAML-LibYAML packages fix CVE-2014-9130
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
  openSUSE-SU-2015:0319-1: moderate: Security update for perl-YAML-LibYAML
- http://secunia.com/advisories/62705
- http://linux.oracle.com/errata/ELSA-2015-0100.html
  linux.oracle.com | ELSA-2015-0100
- http://secunia.com/advisories/62174
- http://secunia.com/advisories/62723
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
  mandriva.com
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
  openSUSE-SU-2016:1067-1: moderate: Security update for perl-YAML-LibYAML
- http://www.ubuntu.com/usn/USN-2461-3
  USN-2461-3: PyYAML vulnerability | Ubuntu security notices
- http://www.openwall.com/lists/oss-security/2014/11/28/8
  oss-security - Re: libyaml / YAML-LibYAML DoS
- https://puppet.com/security/cve/cve-2014-9130
  CVE-2014-9130 | Puppet
- http://secunia.com/advisories/62176
- http://www.debian.org/security/2014/dsa-3115
  Debian -- Security Information -- DSA-3115-1 pyyaml
- http://www.openwall.com/lists/oss-security/2014/11/29/3
  oss-security - Re: Re: libyaml / YAML-LibYAML DoS
- http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
  mandriva.com
- http://www.debian.org/security/2014/dsa-3103
  Debian -- Security Information -- DSA-3103-1 libyaml-libyaml-perl