Bug 1222284 (CVE-2024-3205)

Summary: VUL-0: REJECTED: CVE-2024-3205: libyaml,perl-YAML-LibYAML: heap-based buffer overflow in yaml_emitter_emit_flow_sequence_item() in src/emitter.c
Product: [Novell Products] SUSE Security Incidents
Reporter: SMASH SMASH <smash_bz>
Component: Incidents
Assignee: Jordi Massaguer <jmassaguerpla>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: abergmann, camila.matos, carlos.lopez, cxiong, meissner, pmonrealgonzalez, tina.mueller
Version: unspecified
Target Milestone: ---
Hardware: Other
OS: Other
URL: https://smash.suse.de/issue/400065/
Whiteboard: CVSSv3.1:SUSE:CVE-2024-3205:8.6:(AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H)
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Description SMASH SMASH 2024-04-03 16:59:21 UTC
A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-3205
https://www.cve.org/CVERecord?id=CVE-2024-3205
https://drive.google.com/drive/folders/1lwNEs8wqwkUV52f3uQNYMPrxRuXPtGQs?usp=sharing
https://vuldb.com/?ctiid.259052
https://vuldb.com/?id.259052
https://vuldb.com/?submit.304561
https://bugzilla.redhat.com/show_bug.cgi?id=2272889

Comment 2 Camila Camargo de Matos 2024-04-03 17:07:34 UTC
Two issues related to this vulnerability have been opened in the upstream GitHub repository:
https://github.com/yaml/libyaml/issues/258 (created Nov. 2022)
https://github.com/yaml/libyaml/issues/289 (created April 2024)
Related to the above issues there is the following PR:
https://github.com/yaml/libyaml/pull/259

Comment 11 Camila Camargo de Matos 2024-04-09 08:08:36 UTC
New GitHub PR: https://github.com/yaml/libyaml/pull/290

Comment 19 Tina Müller 2024-05-27 15:17:04 UTC
I contacted VulDB to reject the CVE.
They just replied and confirmed that the CVE is rejected:
https://www.cve.org/CVERecord
https://vuldb.com/?diff.259052

What else is to be done here for us?

Comment 20 Carlos López 2024-05-27 15:27:12 UTC
CVE rejected, closing.