Bug 1226363

Summary: VUL-0: CVE-2024-35326: petsc: libyaml: double-free in yaml_emitter_emit in /src/libyaml/src/emitter.c
Product: [openSUSE] openSUSE Distribution
Reporter: Camila Camargo de Matos <camila.matos>
Component: Security
Assignee: Egbert Eich <eich>
Status: RESOLVED INVALID
QA Contact: Security Team bot <security-team>
Severity: Major
Priority: P3 - Medium
CC: camila.matos, security-team, smash_bz
Version: Leap 15.6   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/410665/
Whiteboard:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1226340    

Description Camila Camargo de Matos 2024-06-14 14:22:57 UTC
+++ This bug was initially created as a clone of Bug #1226340 +++

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2024-35326
https://www.cve.org/CVERecord?id=CVE-2024-35326
https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c
https://bugzilla.redhat.com/show_bug.cgi?id=2292351

Comment 2 Camila Camargo de Matos 2024-06-14 15:23:26 UTC
Although petsc embeds a copy of libyaml (since version 3.15), the upstream README file present in the directory where the libyaml code can be found [0] states that this copy is partial, and does not include the emitter API, which, in this case, is the piece of the library that contains the vulnerable code.

That being said, this bug will be closed as petsc seems to not be affected by the vulnerability considered here.

[0] https://gitlab.com/petsc/petsc/-/blob/main/src/sys/yaml/README.md?ref_type=heads