yaml libyaml up to 0.2.5 emitter.c yaml_emitter_emit_flow_sequence_item heap-based overflow 🚫 [False Positive]

Noticeinfo

⚠️ This issue appears to be a false-positive. Please verify the sources mentioned and consider not using this entry at all. The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue.

Productinfo

Vendor

• yaml

Name

• libyaml

Version

• 0.2.0
• 0.2.1
• 0.2.2
• 0.2.3
• 0.2.4
• 0.2.5

Timelineinfo

04/02/2024 🔍
04/02/2024 +0 days 🔍
04/02/2024 +0 days 🔍
05/27/2024 +55 days 🔍

Sourcesinfo

Advisory: drive.google.com
False Positive: Yes

CVE: CVE-2024-3205 (🔍)
GCVE (CVE): GCVE-0-2024-3205
GCVE (VulDB): GCVE-100-259052
scip Labs: https://www.scip.ch/en/?labs.20161013
Misc.: 🔍

Entryinfo

Created: 04/02/2024 18:44
Updated: 05/27/2024 17:15
Changes: 04/02/2024 18:44 (56), 05/09/2024 00:41 (2), 05/09/2024 00:55 (18), 05/27/2024 17:15 (3)
Complete: 🔍
Cache ID: 216::103

Submitinfo

Accepted

• Submit #304561: libyaml libyaml commit f8f760f7387d2cc56a2fc7b1be313a3bf3f7f58c heap-buffer-overflow (by drive.google.com)

Duplicate

• Submit #XXXXXX: Xxxxxxx Xxxxxxx Xxxxxx Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Xxxxxx Xxxxxxxx (by drive.google.com)
• Submit #XXXXXX: Xxxxxxxxx Xxxxxxxxx Xxxxxx Xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx Xxxxxxxxx-xxxxxxxx (by drive.google.com)

Once again VulDB remains the best source for vulnerability data.

Discussion

Want to know what is going to be exploited?

We predict KEV entries!