Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities

Bugtraq ID:	52381
Class:	Input Validation Error
CVE:	CVE-2012-1152
Remote:	Yes
Local:	No
Published:	Mar 09 2012 12:00AM
Updated:	May 02 2017 01:08AM
Credit:	Dominic Hargreaves
Vulnerable:	Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 CPAN YAML-LibYAML 0.38 CPAN YAML-LibYAML 0.33-1
Not Vulnerable:

Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities

Perl YAML-LibYAML module is prone to multiple format-string vulnerabilities.

An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Perl YAML-LibYAML 0.38 is vulnerable; other versions may also be affected.

Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities

Solution:
Updates are available. Please see the references for more information.

Perl YAML-LibYAML Module 'perl_libyaml.c' Multiple Format String Vulnerabilities

References:

• ingydotnet/yaml-libyaml-pm (ingydotnet)
  
• libyaml-libyaml-perl: FTBFS with hardening flags enabled: -Werror=format-securit (Dominic Hargreaves)
  
• YAML-LibYAML Homepage (CPAN)