CVE-2024-35325

Note

golang-goyaml is a go translation of libyaml and shouldn't share
implementation flaws, but may share design flaws
This is a misuse of the API per the upstream libyaml developers.
This CVE is likely to get rejected, marking as deferred to
make sure.

Package	Release	Status
golang-goyaml Launchpad, Ubuntu, Debian	focal	Does not exist
	jammy	Does not exist
	mantic	Does not exist
	noble	Does not exist
	upstream	Needs triage
	xenial	Deferred (2024-07-24)
golang-yaml.v2 Launchpad, Ubuntu, Debian	bionic	Deferred (2024-07-24)
	focal	Deferred (2024-07-24)
	jammy	Deferred (2024-07-24)
	mantic	Ignored (end of life, was deferred [2024-07-24])
	noble	Deferred (2024-07-24)
	upstream	Needs triage
	xenial	Deferred (2024-07-24)
libyaml Launchpad, Ubuntu, Debian	bionic	Deferred (2024-07-24)
	focal	Deferred (2024-07-24)
	jammy	Deferred (2024-07-24)
	mantic	Ignored (end of life, was deferred [2024-07-24])
	noble	Deferred (2024-07-24)
	trusty	Deferred (2024-07-24)
	upstream	Needs triage
	xenial	Deferred (2024-07-24)
libyaml-libyaml-perl Launchpad, Ubuntu, Debian	bionic	Deferred (2024-07-24)
	focal	Deferred (2024-07-24)
	jammy	Deferred (2024-07-24)
	mantic	Ignored (end of life, was deferred [2024-07-24])
	noble	Deferred (2024-07-24)
	upstream	Needs triage
	xenial	Deferred (2024-07-24)

Parameter	Value
Base score	9.8
Attack vector	Network
Attack complexity	Low
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2024-35325

Notes

Priority

Cvss 3 Severity Score

Status

Severity score breakdown

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading