Bug 2272889 (CVE-2024-3205) - CVE-2024-3205 libyaml: Heap-Based Buffer Overflow
Summary: CVE-2024-3205 libyaml: Heap-Based Buffer Overflow
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2024-3205
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2272890 2272891 2272892 2272893
Blocks: 2272894
TreeView+ depends on / blocked
 
Reported: 2024-04-03 05:08 UTC by Avinash Hanwate
Modified: 2024-06-03 06:01 UTC (History)
36 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the libyaml library. A specially crafted YAML file can cause a heap-based buffer over-read in the yaml_emitter_emit_flow_sequence_item function in the src/emitter.c file, resulting in denial of service in the application linked to the library.
Clone Of:
Environment:
Last Closed: 2024-06-03 06:01:03 UTC
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github yaml libyaml issues 289 0 None open How is this CVE-2024-3205 affected? 2024-04-03 12:08:47 UTC

Description Avinash Hanwate 2024-04-03 05:08:12 UTC
A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

https://drive.google.com/drive/folders/1lwNEs8wqwkUV52f3uQNYMPrxRuXPtGQs?usp=sharing
https://vuldb.com/?ctiid.259052
https://vuldb.com/?id.259052
https://vuldb.com/?submit.304561

Comment 1 Avinash Hanwate 2024-04-03 05:09:53 UTC
Created R-yaml tracking bugs for this issue:

Affects: fedora-all [bug 2272891]


Created ghc-yaml tracking bugs for this issue:

Affects: epel-all [bug 2272890]


Created libyaml tracking bugs for this issue:

Affects: fedora-all [bug 2272892]


Created python-ruamel-yaml-clib tracking bugs for this issue:

Affects: fedora-all [bug 2272893]

Comment 4 Lumír Balhar 2024-04-17 07:08:17 UTC
It seems that it's not actually a vulnerability in libyaml but a bug or misuse of libyaml in the fuzzer. They will probably try to reject the CVE.

Analysis: https://github.com/yaml/libyaml/issues/258#issuecomment-2058613931
Issues for oss-fuzz: https://github.com/google/oss-fuzz/issues/11811 https://github.com/google/oss-fuzz/issues/11786

Comment 5 Charalampos Stratakis 2024-05-16 15:46:47 UTC
Also upstream has rejected this CVE: https://github.com/yaml/libyaml/issues/258#issuecomment-2063497383

Avinash what's the next steps? Can we remove the trackers and the bugs?


Note You need to log in before you can comment on or make changes to this bug.