CVE-2024-35325 #303
Comments
If I may offer a suggestion, given that pointers are passed within structures, it might be useful to explicitly set pointers to NULL after being freed. While this does not correct a bad caller from double freeing, what it does do is change the action to SIGSEGV when an attempt is made to free a NULL. This would, hopefully, change the target of the vulnerability to the caller, where it rightly belongs.
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: f233c1b7d55fbc8c1968c105905462eed5c793e6) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: 1a1ada9ccf1a4c1ab34c084dfcf6dd1bde45fa9c) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: 5a150a5a9cd7b75c2a4d6e9f14d6d9896aee0173) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Alexandre Belloni <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: c97f00d122f60501751625e27b9c70166396d754) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: c97f00d122f60501751625e27b9c70166396d754) Signed-off-by: Peter Marko <peter.markosiemens.com> Signed-off-by: Richard Purdie <richard.purdielinuxfoundation.org>
Source: poky MR: 158408, 161388 Type: Integration Disposition: Merged from poky-nut ChangeID: a727c779c422dd5af4df0996a387df95f27e55a8 Description: This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> Signed-off-by: Jeremy A. Puhlman <[email protected]>
This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]>
This CVE has been rejected.
Source: poky MR: 161391, 158190 Type: Security Fix Disposition: Merged from poky ChangeID: da07e6e Description: This is a similar CVE to the previous ones from the same author. yaml/libyaml#303 explains why this is misuse (or wrong use) of libyaml. (From OE-Core rev: a28240d49c111050e253e373507ac3094b74f6e1) Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Steve Sakoman <[email protected]> Signed-off-by: Jeremy A. Puhlman <[email protected]>
The following CVE is a misuse of the libyaml API:
I can copy the relevant part of the code:
`yaml_emitter_emit()` is responsible for deleting the events, you are not supposed to call `yaml_event_delete()` yourself.
`yaml_event_delete()` cannot check if the event was already deleted due to the nature of the struct. The struct would have to be changed, and all code using libyaml, for example bindings, would have to be changed. I couldn't find a way to check it with the current struct.
The vulnerability is in code that is using libyaml in a wrong way, not in libyaml directly.
Of course nowadays one might say the design of libyaml is bad and should prevent such misusage, but libyaml is quite a few years old, and preventing that will break things, like I said, and would be quite some work, and I don't know anyone who would have the free time for this.
So I'm not sure if that counts as a CVE.
I can improve the documentation (when I have some free time).
Anyone who knows more about when something is deserving to have a CVE or not is welcome to comment.
There was already a discussion about that CVE in #297 but the thread is distracting because I was arguing with the issue author about the way it was reported and published.
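The ownership rule described in the issue (the emit call deletes the event, so the caller must not), modelled in self-contained C as an added example; this is not libyaml code. `event_t`, `emitter_t` and every function name are hypothetical stand-ins, and clearing the caller's struct inside the emit call is an assumption of this model that follows the suggestion made in the comments.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not libyaml's types or functions. */
typedef struct { char *tag; char *value; } event_t;
typedef struct { event_t queue[8]; size_t count; } emitter_t;

static char *dup_str(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    return p ? memcpy(p, s, n) : NULL;
}

/* Free what the event owns, then zero it: a repeated delete only calls free(NULL), a no-op. */
static void event_delete(event_t *ev) {
    free(ev->tag);
    free(ev->value);
    memset(ev, 0, sizeof *ev);
}

/* The event owns two heap strings after a successful init. */
static int event_init(event_t *ev, const char *tag, const char *value) {
    ev->tag = dup_str(tag);
    ev->value = dup_str(value);
    if (ev->tag && ev->value) return 1;
    event_delete(ev);
    return 0;
}

/* Consuming call: the emitter takes ownership whether it succeeds or fails. */
static int emitter_emit(emitter_t *em, event_t *ev) {
    if (em->count == 8) { event_delete(ev); return 0; }
    em->queue[em->count++] = *ev;  /* struct copy: the queue owns the pointers now */
    memset(ev, 0, sizeof *ev);     /* assumed hardening: no stale pointers left with the caller */
    return 1;
}

static void emitter_drain(emitter_t *em) { while (em->count) event_delete(&em->queue[--em->count]); }

/* Constructed scenario: the caller wrongly deletes an event it already emitted. */
static int redundant_delete_is_harmless(void) {
    emitter_t em = {0}; event_t ev;
    if (!event_init(&ev, "!!str", "hello") || !emitter_emit(&em, &ev)) return 0;
    int cleared = ev.tag == NULL && ev.value == NULL;
    event_delete(&ev);             /* the misuse: now frees only NULL */
    int intact = em.count == 1 && strcmp(em.queue[0].value, "hello") == 0;
    emitter_drain(&em);
    return cleared && intact && em.count == 0;
}
```

Without the `memset` in `emitter_emit`, the caller's copy would still hold the pointers the queue now owns, and the extra `event_delete` would free them a second time.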