CVE-2014-2525
libyaml-libyaml-perl - security update
EPSS 53.8%
Description
Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.
How to fix CVE-2014-2525
To remediate CVE-2014-2525, upgrade the affected package to a fixed version below.
- Debian/libyaml: upgrade to 0.1.4-3.2 or later
- Debian/libyaml: upgrade to 0.1.3-1+deb6u4 or later
- Debian/libyaml-libyaml-perl: upgrade to 0.41-5 or later
- upgrade to 0.33-1+squeeze3 or later
Is CVE-2014-2525 being exploited?
Likely — EPSS is 53.8%, placing CVE-2014-2525 in the top tier of vulnerabilities by exploitation probability. Prioritise patching.
Affected packages (4)
- Debian/libyaml: from 0, < 0.1.4-3.2
- Debian/libyaml: from 0, < 0.1.3-1+deb6u4
- Debian/libyaml-libyaml-perl: from 0, < 0.41-5
- from 0, < 0.33-1+squeeze3