Search CVE reports
1 – 5 of 5 results
CVE-2024-35326
Medium prioritylibyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35325
Medium priorityA vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35328
Medium prioritylibyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35329
Medium priority** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-28948
Medium prioritySome fixes available 4 of 12
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
4 affected packages
golang-gopkg-yaml.v3, golang-goyaml, golang-yaml.v2, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-gopkg-yaml.v3 | Not affected | Needs evaluation | Not in release | Not in release | Not in release |
| golang-goyaml | Not in release | Not in release | Not in release | Not in release | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| snapd | Fixed | Fixed | Fixed | Vulnerable | Needs evaluation |