Posted February 10, 2014
Assessed Risk Level: High
A flaw in the way `libyaml` parsed YAML tags could lead to a heap-based buffer overflow. An attacker could submit a YAML document that, when parsed by an application using `libyaml`, would cause the application to crash or potentially execute malicious code. This has been patched in PE 3.1.3.
- Affected Versions: Puppet Enterprise 3.0.x, 3.1.x
- Resolved in Puppet Enterprise 3.1.3