Overview

CVE-2014-2525 (LibYAML vulnerability could allow arbitrary code execution in a URI in a YAML file)

Posted April 15, 2014
Assessed Risk Level: Medium

For LibYAML versions before 0.1.6, heap-based buffer overflow in the `yaml_parser_scan_uri_escapes` could allow attackers to execute arbitrary code via a long sequence of percent-endcoded characters in a URI in a YAML file.

Status

Resolved in Puppet Enterprise 3.2.2

Overview

CVE-2014-2525 (LibYAML vulnerability could allow arbitrary code execution in a URI in a YAML file)

Posted April 15, 2014

Assessed Risk Level: Medium

Status