(Apr 3) LibYAML could be made to crash or run programs if it opened a specially crafted YAML document.
Posts Tagged YAML
Ubuntu: 2161-1: libyaml-libyaml-perl vulnerabilities
(Apr 3) libyaml-libyaml-perl could be made to crash or run programs if it opened a specially crafted YAML file.
Debian: 2870-1: libyaml-libyaml-perl: heap-based buffer overflow
(Mar 8) Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, [More…]
Debian: 2850-1: libyaml: heap-based buffer overflow
(Jan 31) Florian Weimer of the Red Hat Product Security Team discovered a heap-based buffer overflow flaw in LibYAML, a fast YAML 1.1 parser and emitter library. A remote attacker could provide a YAML document with a specially-crafted tag that, when parsed by an application using libyaml, [More…]
(Jun 26) It was discovered that puppet, a centralized configuration management system, did not correctly handle YAML payloads. A remote attacker could use a specially-crafted payload to execute arbitrary code on the puppet master. [More…]
Debian: 2613-1: rails: insufficient input validati
(Jan 30) Lawrence Pit discovered that Ruby on Rails, a web development framework, is vulnerable to a flaw in the parsing of JSON to YAML. Using a specially crafted payload, attackers can trick the backend into decoding a subset of YAML. [More…]