{ "threat_severity" : "Moderate", "public_date" : "2014-11-26T00:00:00Z", "bugzilla" : { "description" : "libyaml: assert failure when processing wrapped strings", "id" : "1169369", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1169369" }, "cvss" : { "cvss_base_score" : "4.3", "cvss_scoring_vector" : "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status" : "verified" }, "cwe" : "CWE-617", "details" : [ "scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.", "An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash." ], "affected_release" : [ { "product_name" : "OpenStack 4 for RHEL 6", "release_date" : "2015-02-23T00:00:00Z", "advisory" : "RHSA-2015:0260", "cpe" : "cpe:/a:redhat:openstack:4::el6", "package" : "libyaml-0:0.1.3-4.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 6", "release_date" : "2015-01-28T00:00:00Z", "advisory" : "RHSA-2015:0100", "cpe" : "cpe:/o:redhat:enterprise_linux:6", "package" : "libyaml-0:0.1.3-4.el6_6" }, { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2015-01-28T00:00:00Z", "advisory" : "RHSA-2015:0100", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "libyaml-0:0.1.4-11.el7_0" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 5.0 (Icehouse) for RHEL 6", "release_date" : "2015-02-23T00:00:00Z", "advisory" : "RHSA-2015:0260", "cpe" : "cpe:/a:redhat:openstack:5::el6", "package" : "libyaml-0:0.1.3-4.el6_6" }, { "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6", "release_date" : "2015-02-02T00:00:00Z", "advisory" : "RHSA-2015:0112", "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6", "package" : "libyaml-0:0.1.3-4.el6_6" }, { "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.4 EUS", "release_date" : "2015-02-02T00:00:00Z", "advisory" : "RHSA-2015:0112", "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6", "package" : "libyaml-0:0.1.3-4.el6_6" }, { "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.5 EUS", "release_date" : "2015-02-02T00:00:00Z", "advisory" : "RHSA-2015:0112", "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6", "package" : "libyaml-0:0.1.3-4.el6_6" }, { "product_name" : "Red Hat Software Collections 1 for Red Hat Enterprise Linux 6.6 EUS", "release_date" : "2015-02-02T00:00:00Z", "advisory" : "RHSA-2015:0112", "cpe" : "cpe:/a:redhat:rhel_software_collections:1::el6", "package" : "libyaml-0:0.1.3-4.el6_6" } ], "package_state" : [ { "product_name" : "CloudForms Management Engine 5", "fix_state" : "Not affected", "package_name" : "mingw-libyaml", "cpe" : "cpe:/a:redhat:cloudforms_managementengine:5" }, { "product_name" : "Red Hat Enterprise MRG 1", "fix_state" : "Will not fix", "package_name" : "libyaml", "cpe" : "cpe:/a:redhat:enterprise_mrg:1" }, { "product_name" : "Red Hat Enterprise MRG 2", "fix_state" : "Will not fix", "package_name" : "libyaml", "cpe" : "cpe:/a:redhat:enterprise_mrg:2" }, { "product_name" : "Red Hat Satellite 5", "fix_state" : "Fix deferred", "package_name" : "libyaml", "cpe" : "cpe:/a:redhat:network_satellite:5" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Fix deferred", "package_name" : "libyaml", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Satellite 6", "fix_state" : "Fix deferred", "package_name" : "ruby193-libyaml", "cpe" : "cpe:/a:redhat:satellite:6" }, { "product_name" : "Red Hat Subscription Asset Manager", "fix_state" : "Fix deferred", "package_name" : "libyaml", "cpe" : "cpe:/a:rhel_sam:1" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-9130\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-9130" ], "name" : "CVE-2014-9130", "csaw" : false }