CVE-2013-6393: Buffer Overflow
First published: Mon Nov 25 2013(Updated: )
A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Acknowledgements: This issue was discovered by Florian Weimer of the Red Hat Product Security Team.
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| npm/libyaml | <0.2.3 | 0.2.3 |
| redhat/libyaml | <0.1.5 | 0.1.5 |
| <=0.1.4 | ||
| =0.0.1 | ||
| =0.1.1 | ||
| =0.1.2 | ||
| =0.1.3 | ||
| =12.04 | ||
| =12.10 | ||
| =13.10 | ||
| =3.0 | ||
| =4.0 | ||
| =6.0 | ||
| =7.0 | ||
| =42.1 | ||
| =11.4 | ||
| =13.1 | ||
| =13.2 | ||
| Pyyaml Libyaml | <=0.1.4 | |
| Pyyaml Libyaml | =0.0.1 | |
| Pyyaml Libyaml | =0.1.1 | |
| Pyyaml Libyaml | =0.1.2 | |
| Pyyaml Libyaml | =0.1.3 | |
| Canonical Ubuntu Linux | =12.04 | |
| Canonical Ubuntu Linux | =12.10 | |
| Canonical Ubuntu Linux | =13.10 | |
| Redhat Openstack | =3.0 | |
| Redhat Openstack | =4.0 | |
| Debian Debian Linux | =6.0 | |
| Debian Debian Linux | =7.0 | |
| openSUSE Leap | =42.1 | |
| openSUSE openSUSE | =11.4 | |
| openSUSE openSUSE | =13.1 | |
| openSUSE openSUSE | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bitbucket.org/xi/libyaml/commits/bce8b60f0b9af69fa9fab3093d0a41ba243de048
- https://www.npmjs.com/advisories/21
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-6393
- https://nvd.nist.gov/vuln/detail/CVE-2013-6393
- https://bitbucket.org/xi/libyaml/commits/tag/0.1.5
- https://bugzilla.redhat.com/attachment.cgi?id=847926&action=diff
- https://bugzilla.redhat.com/show_bug.cgi?id=1033990
- https://puppet.com/security/cve/cve-2013-6393
- https://support.apple.com/kb/HT6536
- http://advisories.mageia.org/MGASA-2014-0040.html
- http://archives.neohapsis.com/archives/bugtraq/2014-04/0134.html
- http://archives.neohapsis.com/archives/bugtraq/2014-10/0103.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00064.html
- http://lists.opensuse.org/opensuse-updates/2014-02/msg00065.html
- http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
- http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
- http://rhn.redhat.com/errata/RHSA-2014-0353.html
- http://rhn.redhat.com/errata/RHSA-2014-0354.html
- http://rhn.redhat.com/errata/RHSA-2014-0355.html
- http://www.debian.org/security/2014/dsa-2850
- http://www.debian.org/security/2014/dsa-2870
- http://www.ubuntu.com/usn/USN-2098-1
- https://web.archive.org/web/20140302205713/http://www.securityfocus.com/bid/65258
- https://web.archive.org/web/20150523055002/http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2015:060/?name=MDVSA-2015:060
- https://github.com/advisories/GHSA-m75h-cghq-c8h5 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=847926&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=847926&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=847934&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=847934&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=856317&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=856317&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1033990#c12
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1059009
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1059010
- https://access.redhat.com/security/updates/classification/
- https://bitbucket.org/xi/libyaml/get/0.1.5.tar.gz
- https://bitbucket.org/xi/libyaml/commits/all
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1063866
- https://access.redhat.com/security/cve/CVE-2013-6393
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1063867
- https://bitbucket.org/xi/libyaml/commits/f859ed1eb757a3562b98a28a8ce69274bfd4b3f2
- https://bitbucket.org/xi/libyaml/commits/af3599437a87162554787c52d8b16eab553f537b
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1033990#c30
- https://bitbucket.org/xi/libyaml/commits/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1078083#c20
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1081385
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1081386
- https://rhn.redhat.com/errata/RHSA-2014-0355.html
- https://rhn.redhat.com/errata/RHSA-2014-0354.html
- https://rhn.redhat.com/errata/RHSA-2014-0353.html
- https://rhn.redhat.com/errata/RHSA-2014-0364.html
- https://rhn.redhat.com/errata/RHSA-2014-0415.html
- https://access.redhat.com/support/policy/updates/rhui
- http://osvdb.org/102716
- http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
- http://www.securityfocus.com/bid/65258
- collector/github-advisory-latest
- alias/GHSA-m75h-cghq-c8h5
- alias/CVE-2013-6393
- collector/github-advisory
- collector/nvd-cve
- agent/type
- agent/first-publish-date
- agent/author
- agent/references
- agent/weakness
- agent/remedy
- agent/severity
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/software-canonical-lookup
- package-manager/npm
- vendor/pyyaml
- vendor/canonical
- vendor/redhat
- vendor/debian
- vendor/opensuse
- canonical/pyyaml libyaml
- version/pyyaml libyaml/0.1.4
- version/pyyaml libyaml/0.0.1
- version/pyyaml libyaml/0.1.1
- version/pyyaml libyaml/0.1.2
- version/pyyaml libyaml/0.1.3
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/12.04
- version/canonical ubuntu linux/12.10
- version/canonical ubuntu linux/13.10
- canonical/redhat openstack
- version/redhat openstack/3.0
- version/redhat openstack/4.0
- canonical/debian debian linux
- version/debian debian linux/6.0
- version/debian debian linux/7.0
- canonical/opensuse leap
- version/opensuse leap/42.1
- canonical/opensuse opensuse
- version/opensuse opensuse/11.4
- version/opensuse opensuse/13.1
- version/opensuse opensuse/13.2
- package-manager/redhat