CVE-2014-9130

scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.

Published: 2014-12-08 Last update: 2026-05-06 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2014-9130 is rated High Exploit Risk (71.7/100): CVSS Medium severity, with high exploitation likelihood (EPSS 57.63%, 98th percentile). Core evidence: 3 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.29% over the last day, indicating growing attacker interest. Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2014-9130

| EDB-ID | Source | Kind | Published | Link |
|---|---|---|---|---|
|  | nvd_ref | exploit_tag |  | Exploit-DB |
|  | nvd_ref | exploit_tag |  | Exploit-DB |
|  | nvd_ref | exploit_tag |  | Exploit-DB |

Exploit prediction scoring system (EPSS) score for CVE-2014-9130

EPSS is a daily estimate of the relative likelihood of exploitation; the percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-05-27 | 55.34% | 57.63% | +2.29% |
| 2 | 2026-05-01 | 54.85% | 55.34% | +0.49% |
| 3 | 2026-03-28 |  | 54.85% |  |

Full EPSS history (54 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2014-9130

CVSS metrics for this CVE.

Base score: 5.0
Version: 2.0
Severity: MEDIUM
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Exploitability: 10.0
Impact: 2.9
Score source: [email protected]

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:L): Exploitation conditions are straightforward and predictable.
Authentication (Au:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:P): Partial availability impact.

Weakness enumeration for CVE-2014-9130

OS Trackers for CVE-2014-9130

| Vendor | Priority | Summary | Link |
|---|---|---|---|
| debian | not yet assigned | CVE-2014-9130 not yet assigned priority: Debian including 3 source packages (libyaml, libyaml-libyaml-perl, pyyaml), 15 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 15. | https://security-tracker.debian.org/tracker/CVE-2014-9130 |
| redhat | medium |  | https://access.redhat.com/security/cve/CVE-2014-9130 |
| suse | medium | CVE-2014-9130 severity moderate: SUSE including 361 source package names (4.0.0:libyaml-0-2-0.1.6-4.1, amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, …), 531 product×package rows across 109 product lines (Container caasp/v4/salt-api, Container caasp/v4/salt-master, … (109 product lines)): Fixed 305, Known Affected 157, Known Not Affected 69. | https://www.suse.com/security/cve/CVE-2014-9130/ |
| ubuntu | medium | CVE-2014-9130 medium priority: Ubuntu including 3 source packages (libyaml, libyaml-libyaml-perl, pyyaml), 15 status rows across 5 suites (lucid, precise, trusty, upstream, utopic): released 11, ignored 3, needed 1. | https://ubuntu.com/security/CVE-2014-9130 |

Affected software / configurations for CVE-2014-9130

| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| pyyaml | libyaml | 0.1.5 | cpe:2.3:a:pyyaml:libyaml:0.1.5:*:*:*:*:*:*:* |
| pyyaml | libyaml | 0.1.6 | cpe:2.3:a:pyyaml:libyaml:0.1.6:*:*:*:*:*:*:* |

References for CVE-2014-9130

URL Tags
http://advisories.mageia.org/MGASA-2014-0508.html
http://linux.oracle.com/errata/ELSA-2015-0100.html
http://lists.opensuse.org/opensuse-updates/2015-02/msg00078.html
http://lists.opensuse.org/opensuse-updates/2016-04/msg00050.html
http://rhn.redhat.com/errata/RHSA-2015-0100.html
http://rhn.redhat.com/errata/RHSA-2015-0112.html
http://rhn.redhat.com/errata/RHSA-2015-0260.html
http://secunia.com/advisories/59947
http://secunia.com/advisories/60944
http://secunia.com/advisories/62164
http://secunia.com/advisories/62174
http://secunia.com/advisories/62176
http://secunia.com/advisories/62705
http://secunia.com/advisories/62723
http://secunia.com/advisories/62774
http://www.debian.org/security/2014/dsa-3102
http://www.debian.org/security/2014/dsa-3103
http://www.debian.org/security/2014/dsa-3115
http://www.mandriva.com/security/advisories?name=MDVSA-2014:242
http://www.mandriva.com/security/advisories?name=MDVSA-2015:060
http://www.openwall.com/lists/oss-security/2014/11/28/1 Exploit
http://www.openwall.com/lists/oss-security/2014/11/28/8
http://www.openwall.com/lists/oss-security/2014/11/29/3
http://www.securityfocus.com/bid/71349
http://www.ubuntu.com/usn/USN-2461-1
http://www.ubuntu.com/usn/USN-2461-2
http://www.ubuntu.com/usn/USN-2461-3
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 Exploit
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/99047
https://puppet.com/security/cve/cve-2014-9130