CVE-2024-35325
Libyaml Double-Free Vulnerability
Description
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
INFO
Published Date: June 13, 2024, 5:15 p.m.
Last Modified: Aug. 28, 2024, 4:15 p.m.
Remotely Exploitable: No
Source: [email protected]
Public PoC/Exploit Available at GitHub
CVE-2024-35325 has 1 public PoC/exploit available on GitHub.
We scan GitHub repositories to detect new proof-of-concept exploits. The following list is a collection of public exploits and proofs of concept that have been published on GitHub (sorted by most recently updated).
Fluentbit container image built as small as possible with security in mind
docker-image dockerfile fluent-bit
Dockerfile
Results are limited to the first 15 repositories due to potential performance issues.
The following table lists the changes that have been made to the CVE-2024-35325 vulnerability over time.
Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.
CVE Translated by [email protected]
Aug. 28, 2024
Action: Removed; Type: Translation
  Old Value: Title: libyaml Description: Se encontró una vulnerabilidad en libyaml hasta 0.2.5. La función yaml_event_delete del archivo /src/libyaml/src/api.c es afectada por esta vulnerabilidad. La manipulación conduce a una doble libertad.
CVE Rejected by [email protected]
Aug. 28, 2024
CVE Modified by [email protected]
Aug. 28, 2024
Action: Changed; Type: Description
  Old Value: A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
  New Value: Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Action: Removed; Type: Reference
  Old Value: MITRE https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c
Action: Removed; Type: Reference
  Old Value: MITRE https://github.com/idhyt/pocs/tree/main/libyaml
Action: Removed; Type: CWE
  Old Value: NIST CWE-415
Action: Removed; Type: CVSS V3.1
  Old Value: NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Action: Removed; Type: CPE Configuration
  Old Value: OR *cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:* versions from (including) 0.2.5
CVE Modified by [email protected]
Aug. 28, 2024
Action: Added; Type: Reference
  New Value: MITRE https://github.com/idhyt/pocs/tree/main/libyaml [No types assigned]
Initial Analysis by [email protected]
Aug. 23, 2024
Action: Added; Type: CVSS V3.1
  New Value: NIST AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Action: Changed; Type: Reference Type
  Old Value: https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c No Types Assigned
  New Value: https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c Exploit, Third Party Advisory
Action: Added; Type: CWE
  New Value: NIST CWE-415
Action: Added; Type: CPE Configuration
  New Value: OR *cpe:2.3:a:pyyaml:libyaml:*:*:*:*:*:*:*:* versions up to (including) 0.2.5
CVE Received by [email protected]
Jun. 13, 2024
Action: Added; Type: Description
  New Value: A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
Action: Added; Type: Reference
  New Value: MITRE https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35325.c [No types assigned]