CVE-2024-3205

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

27 May 2024, 15:15

Type Values Removed Values Added

CVSS
  • Removed: v2 : 7.5, v3 : 7.3
  • Added: v2 : unknown, v3 : unknown

CWE
  • Removed: CWE-122

References
  • Removed: https://drive.google.com/drive/folders/1lwNEs8wqwkUV52f3uQNYMPrxRuXPtGQs?usp=sharing (source: cna@vuldb.com)
  • Removed: https://vuldb.com/?ctiid.259052 (source: cna@vuldb.com)
  • Removed: https://vuldb.com/?id.259052 (source: cna@vuldb.com)
  • Removed: https://vuldb.com/?submit.304561 (source: cna@vuldb.com)

Summary
  • Removed: (es) A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. The function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c is affected by this vulnerability. The manipulation leads to a heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
  • Removed: (en) A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
  • Added: (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The maintainer identified an error in the libyaml fuzzers. It is not possible to reproduce nor exploit the issue.

02 Apr 2024, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-04-02 23:15

Updated : 2024-05-27 15:15


NVD link : CVE-2024-3205

Mitre link : CVE-2024-3205

CVE.ORG link : CVE-2024-3205



Products Affected

No product.

CWE

No CWE.