CVE-2024-3205

SOURCE - nist

Summary

A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

EPSS Score⁠: 0.00045 (0.148)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-122⁠

Heap-based Buffer Overflow

SOURCE - redhat

CWE-122⁠

Heap-based Buffer Overflow

Sources (4)

Impacted images

debian

CREATED

2 months ago

UPDATED

2 months ago

SOURCE IDCVE-2024-3205⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/libyaml	deb	debian	12	>=0.2.5-1	Not yet available
debian/libyaml	deb	debian	unstable	>=0.2.5-1	Not yet available
debian/libyaml	deb	debian	11	>=0.2.2-1	Not yet available
debian/libyaml	deb	debian	10	>=0.2.1-1	Not yet available
debian/libyaml	deb	debian	13	>=0.2.5-1	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

2 months ago

UPDATED

3 days ago

SOURCE IDCVE-2024-3205⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠

CVSS SCORE

7.3high

ubuntu

CREATED

2 months ago

UPDATED

4 days ago

SOURCE IDCVE-2024-3205⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

redhat

CREATED

2 months ago

UPDATED

2 months ago

SOURCE IDCVE-2024-3205⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-122⁠

CVSS SCORE

7.3medium