There is a new security vulnerability report with ID CVE-2024-35326.
The reproducer is available here: https://github.com/idhyt/pocs/blob/main/libyaml/CVE-2024-35326.c
Could anybody who understands the codebase of libyaml please verify that this is really an issue/vulnerability? Previous experiences teach us that not all CVEs are really something to fix here.