Overview

CVE-2014-2525 (LibYAML vulnerability could allow arbitrary code execution in a URI in a YAML file)

  • Posted April 15, 2014

  • Assessed Risk Level: Medium

In LibYAML versions before 0.1.6, a heap-based buffer overflow in the `yaml_parser_scan_uri_escapes` function could allow attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

Status

  • Resolved in Puppet Enterprise 3.2.2