Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1152

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2012-1152
Last Modified 17 Mar 2015 09:59:10
Published 09 Sep 2012 05:55:05
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1152

Summary

Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.

Vulnerable Systems

Application

  • Ingy Yaml%3a%3alibyaml 0.38


References

MISC - https://rt.cpan.org/Public/Bug/Display.html?id=75365

MISC - https://rt.cpan.org/Public/Bug/Display.html?id=46507

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=801738

XF - yaml-load-format-string(73856)

BID - 52381

MLIST - [oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws

MLIST - [oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg && libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws

DEBIAN - DSA-2432

SECUNIA - 48317

FEDORA - FEDORA-2012-4871

FEDORA - FEDORA-2012-5035

FEDORA - FEDORA-2012-4997

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548

SUSE - openSUSE-SU-2012:1000

SECUNIA - 50277

SUSE - openSUSE-SU-2015:0319


Last Updated: 27 May 2016 11:00:32