Assigner | mitre |
Reserved | 2024-05-17 |
Published | 2024-06-11 |
Updated | 2024-06-12 |
Description
libyaml 0.2.5 is vulnerable to a heap-based buffer overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application, which was making use of the libyaml library, omitted the required calls to the yaml_document_initialize and yaml_document_delete functions.
References
https://drive.google.com/file/d/1xgQ9hJ7Sn5RVEsdMGvIy0s3b_bg3Wyk-/view?usp=sharing
https://github.com/yaml/libyaml/releases/tag/0.2.5