Wind River Support Network

HomeDefectsLIN5-18049
Fixed

LIN5-18049 : Security Advisory - libyaml - CVE-2013-6393

Created: Feb 16, 2014    Updated: Dec 19, 2017
Resolved Date: Apr 9, 2014
Found In Version: 5.0.1.14
Fix Version: 5.0.1.14
Severity: Standard
Applicable for: Wind River Linux 5
Component/s: Userspace

Description

The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6393

Other Downloads


Live chat
Online