2272889 – (CVE-2024-3205) CVE-2024-3205 libyaml: Heap-Based Buffer Overflow

Bug 2272889 (CVE-2024-3205) - CVE-2024-3205 libyaml: Heap-Based Buffer Overflow

Summary: CVE-2024-3205 libyaml: Heap-Based Buffer Overflow

Keywords:
Status:	NEW
Alias:	CVE-2024-3205
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2272890 2272891 2272892 2272893
Blocks:	2272894
TreeView+	depends on / blocked

Reported:	2024-04-03 05:08 UTC by Avinash Hanwate
Modified:	2024-04-17 07:08 UTC (History)
CC List:	36 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:	A flaw was found in the libyaml library. A specially crafted YAML file can cause a heap-based buffer over-read in the yaml_emitter_emit_flow_sequence_item function in the src/emitter.c file, resulting in denial of service in the application linked to the library.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	yaml libyaml issues 289	0	None	open	How is this CVE-2024-3205 affected?	2024-04-03 12:08:47 UTC

Description Avinash Hanwate 2024-04-03 05:08:12 UTC

A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

https://drive.google.com/drive/folders/1lwNEs8wqwkUV52f3uQNYMPrxRuXPtGQs?usp=sharing
https://vuldb.com/?ctiid.259052
https://vuldb.com/?id.259052
https://vuldb.com/?submit.304561

Comment 1 Avinash Hanwate 2024-04-03 05:09:53 UTC

Created R-yaml tracking bugs for this issue:

Affects: fedora-all [bug 2272891]


Created ghc-yaml tracking bugs for this issue:

Affects: epel-all [bug 2272890]


Created libyaml tracking bugs for this issue:

Affects: fedora-all [bug 2272892]


Created python-ruamel-yaml-clib tracking bugs for this issue:

Affects: fedora-all [bug 2272893]

Comment 4 Lumír Balhar 2024-04-17 07:08:17 UTC

It seems that it's not actually a vulnerability in libyaml but a bug or misuse of libyaml in the fuzzer. They will probably try to reject the CVE.

Analysis: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931
Issues for oss-fuzz: https://github.com/google/oss-fuzz/issues/11811 https://github.com/google/oss-fuzz/issues/11786

Note You need to log in before you can comment on or make changes to this bug.

aarif
agarcial
aoconnor
aprice
asegurap
bdettelb
caswilli
dfreiber
dhalasz
dkuc
drow
fjansen
hkataria
jburrell
jbuscemi
jmitchel
jsamir
jsherril
jtanner
kaycoth
kshier
lbalhar
luizcosta
mpierce
nweather
orabin
psegedy
sidakwo
stcannon
sthirugn
vkrizan
vkumar
vmugicag
xiaoxwan
yguenane
zzhou