GHSA-m75h-cghq-c8h5

Suggest an improvement
Source
https://github.com/advisories/GHSA-m75h-cghq-c8h5
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/08/GHSA-m75h-cghq-c8h5/GHSA-m75h-cghq-c8h5.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-m75h-cghq-c8h5
Aliases
Published
2020-08-31T22:51:50Z
Modified
2023-11-08T03:57:25.877815Z
Summary
Heap Based Buffer Overflow in libyaml
Details

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags.

Recommendation

  • Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.
References

Affected packages

npm / libyaml

Package

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.2.3