Out-of-Bounds in yaml-cpp

Do your applications use this vulnerable package? Test your applications

Overview

yaml-cpp is a YAML parser and emitter in C++.

Affected versions of this package are vulnerable to Out-of-Bounds. The attacks are possible because the SingleDocParser::HandleNode() function does not handle YAML files properly, allowing the attackers to trigger stack consumption and application crash using malicious YAML files.

Remediation

There is no fixed version for yaml-cpp.

References

GitHub Issue
Security Focus

Attack Vector

Local
Attack Complexity

Low
Privileges Required

None
User Interaction

Required
Scope

Unchanged
Confidentiality

None
Integrity

None
Availability

High

Credit: Kamil Frankowicz
CVE: CVE-2017-5950
CWE: CWE-119
Snyk ID: SNYK-COCOAPODS-YAMLCPP-471234
Disclosed: 03 Apr, 2017
Published: 02 Oct, 2019

Out-of-Bounds
Affecting yaml-cpp package, versions >0.0.0

Overview

Remediation

References

CVSS Score

Out-of-Bounds Affecting yaml-cpp package, versions >0.0.0

Overview

Remediation

References

Out-of-Bounds
Affecting yaml-cpp package, versions >0.0.0