-
Notifications
You must be signed in to change notification settings - Fork 1.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stack Overflow in SingleDocParser::HandleFlowSequence(YAML::EventHandler&) () #660
Comments
It seems that CVE-2019-6285 is a duplicate of CVE-2018-20710 (same description and same references) and - maybe - CVE-2019-6285 and CVE-2018-20710 are a duplicate of CVE-2019-6292. If that's the case @E4ck, @wcventure, can you please update the status of the CVE in order to avoid duplicates? Thank you! |
...and, if CVE-2019-6285 is a duplicate of CVE-2019-6292 then this issue is probably a duplicate of #657. |
Yeah, this does look like a dupe after a high-level look. Here's my gdb backtrace with symbols:
|
Thanks @sgayou! I have just requested to mark CVE-2018-20710 as duplicate to CVE-2019-6285 via CVE Request web form and I will share any updates about that. |
Leonardo Taccari writes:
[...]
I have just requested to mark CVE-2018-20710 as duplicate to CVE-2019-6285 via [CVE Request web form](https://cveform.mitre.org/) and I will share any updates about that.
[...]
JFTR, CVE-2018-20710 is now rejected and marked as duplicated to
CVE-2019-6285.
|
Is there any fix to the issue though? Thanks :) |
Stack Overflow in SingleDocParser::HandleFlowSequence(YAML::EventHandler&) ()
position:code
poc
To reproduce:
./parse < crash0
gdb:
Program received signal SIGSEGV, Segmentation fault.
0x0807e61d in YAML::SingleDocParser::HandleFlowSequence(YAML::EventHandler&) ()
ASAN:
The text was updated successfully, but these errors were encountered: