QwikSec

Security Database

CVE

CWE

Training

CVE-2012-1152

Published: Sep 9, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws

mailing-list

x_refsource_MLIST

openSUSE-SU-2012:1000

vendor-advisory

x_refsource_SUSE

FEDORA-2012-4997

vendor-advisory

x_refsource_FEDORA

third-party-advisory

x_refsource_SECUNIA

FEDORA-2012-5035

vendor-advisory

x_refsource_FEDORA

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548

x_refsource_MISC

openSUSE-SU-2015:0319

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_BID

yaml-load-format-string(73856)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws

mailing-list

x_refsource_MLIST

FEDORA-2012-4871

vendor-advisory

x_refsource_FEDORA

https://rt.cpan.org/Public/Bug/Display.html?id=75365

x_refsource_MISC

https://rt.cpan.org/Public/Bug/Display.html?id=46507

x_refsource_MISC

vendor-advisory

x_refsource_DEBIAN

https://bugzilla.redhat.com/show_bug.cgi?id=801738

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.