CVE-2019-6292 (https://nvd.nist.gov/vuln/detail/CVE-2019-6292):
An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file.

CVE-2019-6285 (https://nvd.nist.gov/vuln/detail/CVE-2019-6285):
The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
(In reply to GLSAMaker/CVETool Bot from comment #0)
> CVE-2019-6285 (https://nvd.nist.gov/vuln/detail/CVE-2019-6285):
> The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka
> LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service
> (stack consumption and application crash) via a crafted YAML file.

Patches: https://github.com/jbeder/yaml-cpp/pull/807
That PR mentions fixing these too:

CVE-2018-20573: The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

CVE-2018-20574: The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
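The stack-consumption class described in these CVEs comes from a recursive parser following attacker-controlled nesting with no bound. The sketch below is an added example, not part of this thread and not yaml-cpp's code or the patch from the linked PR: a toy flow-sequence parser with a recursion limit, where `NestingGuard`, `kMaxDepth`, `ParseNode` and `SafeDepth` are hypothetical names and the inputs are constructed.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

constexpr std::size_t kMaxDepth = 256;  // hypothetical limit; size it to the stack
// RAII counter: +1 on entry to a recursive handler, -1 on exit; throws at the limit.
class NestingGuard {
 public:
  explicit NestingGuard(std::size_t& depth) : depth_(depth) {
    if (++depth_ > kMaxDepth) {
      --depth_;  // destructor does not run when the constructor throws
      throw std::runtime_error("nesting too deep");
    }
  }
  ~NestingGuard() { --depth_; }
 private:
  std::size_t& depth_;
};

// Toy recursive-descent parser for flow sequences like "[a, [b, c]]"; returns max depth.
std::size_t ParseNode(const std::string& s, std::size_t& pos, std::size_t& depth) {
  if (pos >= s.size() || s[pos] != '[') {  // scalar: skip to the next delimiter
    while (pos < s.size() && s[pos] != ',' && s[pos] != ']') ++pos;
    return depth;
  }
  NestingGuard guard(depth);  // checked before descending any further
  std::size_t deepest = depth;
  ++pos;  // consume '['
  while (pos < s.size() && s[pos] != ']') {
    if (s[pos] == ',' || s[pos] == ' ') { ++pos; continue; }
    std::size_t d = ParseNode(s, pos, depth);
    if (d > deepest) deepest = d;
  }
  if (pos >= s.size()) throw std::runtime_error("unterminated sequence");
  ++pos;  // consume ']'
  return deepest;
}

// Returns the nesting depth, or -1 when the input is rejected.
long SafeDepth(const std::string& s) {
  std::size_t pos = 0, depth = 0;
  try { return static_cast<long>(ParseNode(s, pos, depth)); }
  catch (const std::runtime_error&) { return -1; }
}

int main() {
  std::cout << SafeDepth("[a, [b, c]]") << ' ' << SafeDepth(std::string(100000, '[')) << '\n';
}
```

Without the guard, the 100000-bracket input would recurse once per bracket; with it, the parser fails with a catchable error after 256 frames.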
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=9530f57129611ca33ca70dc96727466a082784e4

commit 9530f57129611ca33ca70dc96727466a082784e4
Author:     John Helmert III <jchelmert3@posteo.net>
AuthorDate: 2020-07-07 01:19:02 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-07-27 02:18:13 +0000

    dev-cpp/yaml-cpp: Revbump to add security patch

    Bug: https://bugs.gentoo.org/719150
    Package-Manager: Portage-2.3.103, Repoman-2.3.23
    Signed-off-by: John Helmert III <jchelmert3@posteo.net>
    Signed-off-by: Sam James <sam@gentoo.org>

 .../files/yaml-cpp-0.6.3-fix-overflows.patch | 149 +++++++++++++++++++++
 dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r3.ebuild | 49 +++++++
 2 files changed, 198 insertions(+)
Should be OK to stable but let's give it a few days first because we've had problems in the past with this package.
sparc done
arm64 done
amd64 stable
x86 stable
ppc done
ppc64 done

all arches done
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e80822e8f1fb71bcb7faec08eade7ba7171cb29b

commit e80822e8f1fb71bcb7faec08eade7ba7171cb29b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2020-08-30 05:51:18 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2020-08-30 05:51:18 +0000

    dev-cpp/yaml-cpp: security cleanup

    Closes: https://bugs.gentoo.org/719150
    Package-Manager: Portage-3.0.4, Repoman-3.0.1
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-cpp/yaml-cpp/yaml-cpp-0.6.3-r2.ebuild | 48 -------------------------------
 1 file changed, 48 deletions(-)