{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-11-24T00:00:00", "descriptions": [{"lang": "en", "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-08T10:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "openSUSE-SU-2014:0273", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"name": "DSA-2870", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"name": "APPLE-SA-2014-10-16-3", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"name": "APPLE-SA-2014-04-22-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"name": "102716", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/102716"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"name": "MDVSA-2015:060", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "65258", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/65258"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"name": "openSUSE-SU-2015:0319", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "openSUSE-SU-2014:0272", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"name": "RHSA-2014:0354", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT6536"}, {"name": "openSUSE-SU-2016:1067", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "DSA-2850", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"name": "RHSA-2014:0353", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"name": "USN-2098-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-6393", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "openSUSE-SU-2014:0273", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"name": "DSA-2870", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2870"}, {"name": "APPLE-SA-2014-10-16-3", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"name": "APPLE-SA-2014-04-22-1", "refsource": "APPLE", "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"name": "102716", "refsource": "OSVDB", "url": "http://osvdb.org/102716"}, {"name": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff", "refsource": "MISC", "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"name": "MDVSA-2015:060", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "65258", "refsource": "BID", "url": "http://www.securityfocus.com/bid/65258"}, {"name": "http://advisories.mageia.org/MGASA-2014-0040.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"name": "openSUSE-SU-2015:0319", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "openSUSE-SU-2014:0272", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"name": "RHSA-2014:0354", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"name": "https://support.apple.com/kb/HT6536", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT6536"}, {"name": "openSUSE-SU-2016:1067", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "DSA-2850", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2014/dsa-2850"}, {"name": "RHSA-2014:0353", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"name": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5", "refsource": "CONFIRM", "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"name": "https://puppet.com/security/cve/cve-2013-6393", "refsource": "CONFIRM", "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"name": "USN-2098-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2098-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T17:39:01.258Z"}, "title": "CVE Program Container", "references": [{"name": "openSUSE-SU-2014:0273", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"name": "DSA-2870", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"name": "APPLE-SA-2014-10-16-3", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"name": "APPLE-SA-2014-04-22-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"name": "102716", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/102716"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"name": "MDVSA-2015:060", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"name": "65258", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/65258"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"name": "openSUSE-SU-2015:0319", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"name": "RHSA-2014:0355", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"name": "openSUSE-SU-2014:0272", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"name": "RHSA-2014:0354", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT6536"}, {"name": "openSUSE-SU-2016:1067", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"name": "DSA-2850", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"name": "RHSA-2014:0353", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"name": "USN-2098-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-6393", "datePublished": "2014-02-06T22:00:00", "dateReserved": "2013-11-04T00:00:00", "dateUpdated": "2024-08-06T17:39:01.258Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:*", "matchCriteriaId": "64CF0E49-704A-4190-9BA8-6332F1B12430", "versionEndIncluding": "0.1.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "7F454F77-1AB1-44CF-8E1F-47BD71966CB8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "2F2A3FC6-ADD6-4890-A91E-7B42138CB1B4", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "A7892D90-243C-4588-92D0-F49B3443B3DB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pyyaml:libyaml:0.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "9759A8FD-7010-4D10-9E26-A03FDDDA187B", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*", "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "7F61F047-129C-41A6-8A27-FFCBB8563E91", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:openstack:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "6533B15B-F748-4A5D-AB86-31D38DFAE60F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:openstack:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "1802FDB8-C919-4D5E-A8AD-4C5B72525090", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "matchCriteriaId": "4863BE36-D16A-4D75-90D9-FD76DB5B48B7", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE554781-1EB9-446E-911F-6C11970C47F4", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."}, {"lang": "es", "value": "La funci\u00f3n yaml_parser_scan_tag_uri en scanner.c en LibYAML anterior a 0.1.5 lleva a cabo un \"cast\" incorrecto, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda de la aplicaci\u00f3n) y probablemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de etiquetas manipuladas en YAML."}], "id": "CVE-2013-6393", "lastModified": "2024-11-21T01:59:08.313", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-02-06T22:55:03.217", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/102716"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/65258"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"source": "secalert@redhat.com", "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT6536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://advisories.mageia.org/MGASA-2014-0040.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/102716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0353.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0354.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2014-0355.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2850"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2014/dsa-2870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/65258"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-2098-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bitbucket.org/xi/libyaml/commits/tag/0.1.5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://puppet.com/security/cve/cve-2013-6393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT6536"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Florian Weimer (Red Hat Product Security Team).", "affected_release": [{"advisory": "RHSA-2014:0353", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2014-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0364", "cpe": "cpe:/a:redhat:openstack:3::el6", "package": "ruby193-libyaml-0:0.1.4-5.1.el6", "product_name": "OpenStack 3 for RHEL 6", "release_date": "2014-04-03T00:00:00Z"}, {"advisory": "RHSA-2014:0354", "cpe": "cpe:/a:redhat:openstack:4::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "OpenStack 4 for RHEL 6", "release_date": "2014-04-02T00:00:00Z"}, {"advisory": "RHSA-2014:0415", "cpe": "cpe:/a:redhat:rhel_common:6::el6", "package": "libyaml-0:0.1.3-1.4.el6", "product_name": "Red Hat Common for RHEL 6", "release_date": "2014-04-17T00:00:00Z"}, {"advisory": "RHSA-2014:0355", "cpe": "cpe:/a:redhat:rhel_software_collections:1::el6", "package": "ruby193-libyaml-0:0.1.4-5.1.el6", "product_name": "Red Hat Software Collections for RHEL-6", "release_date": "2014-04-02T00:00:00Z"}], "bugzilla": {"description": "libyaml: heap-based buffer overflow when parsing YAML tags", "id": "1033990", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1033990"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:A/AC:H/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-122", "details": ["The yaml_parser_scan_tag_uri function in scanner.c in LibYAML before 0.1.5 performs an incorrect cast, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted tags in a YAML document, which triggers a heap-based buffer overflow."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2013-6393", "package_state": [{"cpe": "cpe:/a:redhat:cloudforms_managementengine:5", "fix_state": "Not affected", "package_name": "ruby193-libyaml", "product_name": "CloudForms Management Engine 5"}, {"cpe": "cpe:/a:redhat:openshift:1", "fix_state": "Will not fix", "package_name": "ruby193-libyaml", "product_name": "OpenShift Enterprise 1"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:1", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Enterprise MRG 1"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Enterprise MRG 2"}, {"cpe": "cpe:/a:redhat:network_satellite:5.3", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.3"}, {"cpe": "cpe:/a:redhat:network_satellite:5.4", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.4"}, {"cpe": "cpe:/a:redhat:network_satellite:5.5", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.5"}, {"cpe": "cpe:/a:redhat:network_satellite:5.6", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Satellite 5.6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "libyaml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "ruby193-libyaml", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:1", "fix_state": "Affected", "package_name": "libyaml", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:rhel_sam:1", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "Red Hat Subscription Asset Manager"}, {"cpe": "cpe:/a:redhat:rhui:2", "fix_state": "Will not fix", "package_name": "libyaml", "product_name": "RHUI for RHEL 6"}], "public_date": "2014-01-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-6393\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-6393"], "statement": "The Red Hat security response team has rated this issue as having low security impact in Red Hat Enterpise MRG 1 and 2, CloudForms 3, and Red Hat Network Satellite 5. This issue is not currently planned to be addressed in future updates.Redhat satellite 6 does not ship libyaml\nThe Red Hat security response team has rated this issue as having low security impact in Red Hat Update Infrastructure. A future update may address this issue. \nThe Red Hat security response team has rated this issue as having moderate security impact in Subscription Asset Manager 1. A future update may address this issue.\nFor additional information, refer to the Issue Severity Classification:\nhttps://access.redhat.com/security/updates/classification/", "threat_severity": "Moderate", "upstream_fix": "libyaml 0.1.5"}