CVE-2013-6393: eap-based buffer overflow when parsing YAML tags

February 6, 2014 (updated October 30, 2018)

LibYAML, the library that libyaml provides bindings for is vulnerable to a heap-based buffer overflow when parsing YAML tags.

References

bitbucket.org/xi/libyaml/pull-request/1/fix-cve-2013-6393/diff

Code Behaviors & Features

Detect and mitigate CVE-2013-6393 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →