Fluid Attacks Database

Description

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pyyaml	>=0 <3.11-2	3.11-2
debian 13	libyaml-libyaml-perl	>=0 <0.41-6	0.41-6
debian 12	libyaml-libyaml-perl	>=0 <0.41-6	0.41-6
debian 14	libyaml-libyaml-perl	>=0 <0.41-6	0.41-6
debian 11	libyaml-libyaml-perl	>=0 <0.41-6	0.41-6
debian 13	libyaml	>=0 <0.1.6-3	0.1.6-3
debian 11	libyaml	>=0 <0.1.6-3	0.1.6-3
debian 11	pyyaml	>=0 <3.11-2	3.11-2
debian 12	libyaml	>=0 <0.1.6-3	0.1.6-3
debian 13	pyyaml	>=0 <3.11-2	3.11-2

1-10 of 15

Aliases

1. CVE-2014-91302. NVD-2014-91303. OSV-DEBIAN-2014-91304. OSV-2014-91305. OSV-ALPINE-2014-91306. SECURITY-TRACKER-CVE-2014-91307. SECURITY-CVE-2014-9130

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.