Source: yaml-cpp
Version: 0.5.3-0.2
Severity: grave
Tags: security
Forwarded: https://github.com/jbeder/yaml-cpp/issues/654
Control: clone -1 -2
Control: reassign -2 src:yaml-cpp0.3 0.3.0-1.2
Control: retitle -2 yaml-cpp0.3: CVE-2018-20574: Stack Overflow in SingleDocParser::HandleFlowMap()

Hi,

The following vulnerability was published for yaml-cpp.

CVE-2018-20574[0]:
| The SingleDocParser::HandleFlowMap function in yaml-cpp (aka
| LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service
| (stack consumption and application crash) via a crafted YAML file.

The issue looks similar to CVE-2017-5950, but it is triggered in a different part, thus I think the two distinct CVEs seem valid.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20574
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20574
[1] https://github.com/jbeder/yaml-cpp/issues/654

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore