CVE-2012-1152
libyaml-libyaml-perl - format string vulnerability
EPSS 3.9%
Description
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
How to fix CVE-2012-1152
To remediate CVE-2012-1152, upgrade the affected package to a fixed version below.
- Debian/libyaml-libyaml-perl—upgrade to 0.38-2 or later
- —upgrade to 0.33-1+squeeze1 or later
Is CVE-2012-1152 being exploited?
Low — EPSS is 3.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 0.38-2
- from 0, < 0.33-1+squeeze1