Candidate: CVE-2019-6285
PublicDate: 2019-01-14 22:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6285
Description:
 The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka
 LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service
 (stack consumption and application crash) via a crafted YAML file.
Ubuntu-Description:
Notes:
 mdeslaur> same commit as CVE-2018-20573
Bugs:
 https://github.com/jbeder/yaml-cpp/issues/660
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919432
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_yaml-cpp0.3:
upstream_yaml-cpp0.3: needs-triage
precise/esm_yaml-cpp0.3: DNE
trusty_yaml-cpp0.3: ignored (reached end-of-life)
trusty/esm_yaml-cpp0.3: DNE (trusty was needs-triage)
xenial_yaml-cpp0.3: ignored (end of standard support, was needs-triage)
bionic_yaml-cpp0.3: needs-triage
cosmic_yaml-cpp0.3: ignored (reached end-of-life)
disco_yaml-cpp0.3: DNE
eoan_yaml-cpp0.3: DNE
focal_yaml-cpp0.3: DNE
groovy_yaml-cpp0.3: DNE
hirsute_yaml-cpp0.3: DNE
impish_yaml-cpp0.3: DNE
jammy_yaml-cpp0.3: DNE
devel_yaml-cpp0.3: DNE

Patches_yaml-cpp:
 upstream: https://github.com/jbeder/yaml-cpp/commit/4edff1fa5dbfca16fc72d89870841bee89f8ef89
upstream_yaml-cpp: released (0.6.3-1)
precise/esm_yaml-cpp: DNE
trusty_yaml-cpp: ignored (out of standard support)
trusty/esm_yaml-cpp: needed
xenial_yaml-cpp: ignored (end of standard support, was needed)
bionic_yaml-cpp: needed
cosmic_yaml-cpp: ignored (reached end-of-life)
disco_yaml-cpp: ignored (reached end-of-life)
eoan_yaml-cpp: ignored (reached end-of-life)
focal_yaml-cpp: needed
groovy_yaml-cpp: not-affected (0.6.3-9)
hirsute_yaml-cpp: not-affected (0.6.3-9)
impish_yaml-cpp: not-affected (0.6.3-9)
jammy_yaml-cpp: not-affected (0.6.3-9)
devel_yaml-cpp: not-affected (0.6.3-9)