Skip to content

Heap Based Buffer Overflow in libyaml

Critical severity GitHub Reviewed Published Aug 31, 2020 to the GitHub Advisory Database • Updated Sep 7, 2023

Package

npm libyaml (npm)

Affected versions

< 0.2.3

Patched versions

0.2.3

Description

Versions 0.2.2 and earlier depend on native libyaml version 0.1.5 or earlier. As such, they are affected by a heap-based buffer overflow vulnerability that may result in a crash or arbitrary code execution when parsing YAML tags.

Recommendation

  • Update to version 0.2.3 that includes a version of LibYAML that contains a fix for this issue.

References

Reviewed Aug 31, 2020
Published to the GitHub Advisory Database Aug 31, 2020
Last updated Sep 7, 2023

Severity

Critical

EPSS score

2.312%
(89th percentile)

Weaknesses

CVE ID

CVE-2013-6393

GHSA ID

GHSA-m75h-cghq-c8h5
Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.