Search CVE reports


Toggle filters

1 – 5 of 5 results


CVE-2024-35326

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35325

Medium priority
Ignored

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35328

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35329

Medium priority
Ignored

** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-28948

Medium priority

Some fixes available 4 of 12

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

4 affected packages

golang-gopkg-yaml.v3, golang-goyaml, golang-yaml.v2, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-gopkg-yaml.v3 Not affected Needs evaluation Not in release Not in release Not in release
golang-goyaml Not in release Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
snapd Fixed Fixed Fixed Vulnerable Needs evaluation
Show less packages