| Summary: | dev-cpp/yaml-cpp: remote dos via crafted YAML file in function SingleDocParser::HandleFlowSequence | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | ||
| Severity: | minor | CC: | johu |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1686723 | ||
| Whiteboard: | B3 [upstream cve] | ||
| Package list: | Runtime testing required: | --- | |
> ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2019-6285. Reason: This candidate is a duplicate of CVE-2019-6285. A typo caused the wrong ID to be used. Notes: All CVE users should reference CVE-2019-6285 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
|
From ${URL} : The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Reference: https://github.com/jbeder/yaml-cpp/issues/660 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.