Your submission was sent successfully! Close

Thank you for contacting us. A member of our team will be in touch shortly. Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

Search CVE reports

Toggle filters

1 – 7 of 7 results

CVE-2024-35326

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35325

Medium priority
Ignored

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35328

Medium priority
Ignored

libyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2024-35329

Medium priority
Ignored

** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...

4 affected packages

golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-goyaml Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
libyaml Not affected Not affected Not affected Not affected Not affected
libyaml-libyaml-perl Not affected Not affected Not affected Not affected Not affected
Show less packages

CVE-2022-3064

Medium priority

Some fixes available 3 of 30

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-coreos-discovery-etcd-io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
golang-gopkg-yaml.v3 Not affected Not affected Not in release Not in release Ignored
golang-yaml.v2 Not affected Not affected Fixed Fixed Fixed
kubernetes Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
singularity-container Needs evaluation Not in release Not in release Needs evaluation Ignored
webhook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2021-4235

Medium priority

Some fixes available 3 of 30

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

6 affected packages

golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-github-coreos-discovery-etcd-io Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
golang-gopkg-yaml.v3 Not affected Not affected Not in release Not in release Ignored
golang-yaml.v2 Not affected Not affected Fixed Fixed Fixed
kubernetes Needs evaluation Needs evaluation Needs evaluation Not in release Ignored
singularity-container Needs evaluation Not in release Not in release Needs evaluation Ignored
webhook Needs evaluation Needs evaluation Needs evaluation Needs evaluation Ignored
Show less packages

CVE-2022-28948

Medium priority

Some fixes available 4 of 12

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

4 affected packages

golang-gopkg-yaml.v3, golang-goyaml, golang-yaml.v2, snapd

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
golang-gopkg-yaml.v3 Not affected Needs evaluation Not in release Not in release Not in release
golang-goyaml Not in release Not in release Not in release Not in release Not affected
golang-yaml.v2 Not affected Not affected Not affected Not affected Not affected
snapd Fixed Fixed Fixed Vulnerable Needs evaluation
Show less packages