Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CVE-2024-35326 #301

Closed
frenzymadness opened this issue Jul 17, 2024 · 1 comment · May be fixed by #305
Closed

CVE-2024-35326 #301

frenzymadness opened this issue Jul 17, 2024 · 1 comment · May be fixed by #305

Comments

@frenzymadness
Copy link

There is a new security vulnerability report with ID CVE-2024-35326

The reproducer is available here: https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c

Could please anybody, who understands the codebase of libyaml, verify that this is really an issue/vulnerability? Previous experiences teach us that not all CVEs are really something to fix here.
@perlpunk
Copy link
Member

I now created #302 for the three similar CVEs and will close this one.
Btw, I already wrote in #298 that I don't consider those a vulnerability.

rsbeckerca added a commit to rsbeckerca/libyaml that referenced this issue Aug 8, 2024
@rsbeckerca
Add guard code to prevent the use of NULL pointers in emitter.c
dd9c654 
This is related to CVE-2024-35326

Fixes yaml#301

Signed-off-by: Randall S. Becker <[email protected]>
@rsbeckerca rsbeckerca mentioned this issue Aug 8, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add guard code to prevent the use of NULL pointers in emitter.c rsbeckerca/libyaml
2 participants
@perlpunk @frenzymadness