Source: yaml-cpp
Version: 0.5.3-0.2
Severity: important
Tags: security upstream
Forwarded: https://github.com/jbeder/yaml-cpp/issues/655
Control: clone -1 -2
Control: reassign -2 src:yaml-cpp0.3 0.3.0-1.2
Control: retitle -2 yaml-cpp0.3: CVE-2018-20573: Stack Overflow in Scanner::EnsureTokensInQueue()

Hi,

The following vulnerability was published for yaml-cpp.

CVE-2018-20573[0]:
| The Scanner::EnsureTokensInQueue function in yaml-cpp (aka LibYaml-C++)
| 0.6.2 allows remote attackers to cause a denial of service (stack
| consumption and application crash) via a crafted YAML file.

I was not able to exactly trigger the same code path, but the issue
might be covered here.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-20573
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20573
[1] https://github.com/jbeder/yaml-cpp/issues/655

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

