Overview

CVE-2013-6393 (Threat of denial of service and potential for arbitrary code execution due to a flaw in libyaml)

  • Posted February 10, 2014

  • Assessed Risk Level: High

A flaw in the way `libyaml` parsed YAML tags could lead to a heap-based buffer overflow. An attacker could submit a YAML document that, when parsed by an application using `libyaml`, would cause the application to crash or potentially execute malicious code. This has been patched in PE 3.1.3.

Status

  • Affected Versions: Puppet Enterprise 3.0.x, 3.1.x
  • Resolved in Puppet Enterprise 3.1.3