{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57601?format=json","vulnerability_id":"VCID-pkg9-61ah-kbex","summary":"security update","aliases":[{"alias":"CVE-2014-2525"},{"alias":"GHSA-rffm-7xqq-h2v6"},{"alias":"OSV-105027"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572258?format=json","purl":"pkg:deb/debian/libyaml@0.1.4-2%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.4-2%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/929356?format=json","purl":"pkg:deb/debian/libyaml@0.1.4-3.2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.4-3.2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1056535?format=json","purl":"pkg:deb/debian/libyaml@0.1.6-3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.6-3"},{"url":"http://public2.vulnerablecode.io/api/packages/929354?format=json","purl":"pkg:deb/debian/libyaml@0.2.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.2.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929352?format=json","purl":"pkg:deb/debian/libyaml@0.2.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.2.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929355?format=json","purl":"pkg:deb/debian/libyaml@0.2.5-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.2.5-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/571652?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.38-3%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.38-3%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/929364?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.41-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.41-5%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/1057648?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.41-6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.41-6"},{"url":"http://public2.vulnerablecode.io/api/packages/929360?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.82%2Brepack-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-6zxb-1pvy-yqcp"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.82%252Brepack-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929358?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.86%2Bds-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.86%252Bds-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929362?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.903.0%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.903.0%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/929361?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.904.0%2Bds-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.904.0%252Bds-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/84163?format=json","purl":"pkg:ebuild/dev-libs/libyaml@0.1.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/libyaml@0.1.6"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572255?format=json","purl":"pkg:deb/debian/libyaml@0.1.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/572256?format=json","purl":"pkg:deb/debian/libyaml@0.1.3-1%2Bdeb6u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.3-1%252Bdeb6u4"},{"url":"http://public2.vulnerablecode.io/api/packages/572257?format=json","purl":"pkg:deb/debian/libyaml@0.1.3-1%2Bdeb6u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.3-1%252Bdeb6u5"},{"url":"http://public2.vulnerablecode.io/api/packages/572258?format=json","purl":"pkg:deb/debian/libyaml@0.1.4-2%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml@0.1.4-2%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/571648?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.33-1%2Bsqueeze3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gya-adz6-2qgf"},{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.33-1%252Bsqueeze3"},{"url":"http://public2.vulnerablecode.io/api/packages/571650?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.33-1%2Bsqueeze4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2gya-adz6-2qgf"},{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.33-1%252Bsqueeze4"},{"url":"http://public2.vulnerablecode.io/api/packages/571652?format=json","purl":"pkg:deb/debian/libyaml-libyaml-perl@0.38-3%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-rj4z-edkc-pbdw"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/libyaml-libyaml-perl@0.38-3%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/122821?format=json","purl":"pkg:rpm/redhat/libyaml@0.1.3-1.4?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libyaml@0.1.3-1.4%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/122822?format=json","purl":"pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1?arch=el6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ft98-s9x5-byev"},{"vulnerability":"VCID-pkg9-61ah-kbex"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/ruby193-libyaml@0.1.4-5.1%3Farch=el6"},{"url":"http://public2.vulnerablecode.io/api/packages/130658?format=json","purl":"pkg:ruby/ruby@2.0.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1bdw-9rs5-6ycg"},{"vulnerability":"VCID-3uaa-r5vu-2fg9"},{"vulnerability":"VCID-cvs2-zecm-z3h8"},{"vulnerability":"VCID-g7ju-q41v-wyhd"},{"vulnerability":"VCID-k6dd-ykw2-nfh6"},{"vulnerability":"VCID-pkg9-61ah-kbex"},{"vulnerability":"VCID-wzdf-d9fv-u3hh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:ruby/ruby@2.0.1"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2525.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2525.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2525","reference_id":"","reference_type":"","scores":[{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98384","published_at":"2026-04-01T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98386","published_at":"2026-04-02T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.9839","published_at":"2026-04-04T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98393","published_at":"2026-04-07T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98397","published_at":"2026-04-08T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98398","published_at":"2026-04-09T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98406","published_at":"2026-04-16T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98405","published_at":"2026-04-21T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98409","published_at":"2026-04-26T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.9841","published_at":"2026-04-29T12:55:00Z"},{"value":"0.63229","scoring_system":"epss","scoring_elements":"0.98414","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2525"},{"reference_url":"https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525","reference_id":"","reference_type":"","scores":[],"url":"https://www.ruby-lang.org/en/news/2014/03/29/heap-overflow-in-yaml-uri-escape-parsing-cve-2014-2525"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1078083","reference_id":"1078083","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1078083"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742732","reference_id":"742732","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742732"},{"reference_url":"https://security.gentoo.org/glsa/201405-27","reference_id":"GLSA-201405-27","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201405-27"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0353","reference_id":"RHSA-2014:0353","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0353"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0354","reference_id":"RHSA-2014:0354","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0354"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0355","reference_id":"RHSA-2014:0355","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0355"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0364","reference_id":"RHSA-2014:0364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0415","reference_id":"RHSA-2014:0415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0415"},{"reference_url":"https://usn.ubuntu.com/2160-1/","reference_id":"USN-2160-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2160-1/"},{"reference_url":"https://usn.ubuntu.com/2161-1/","reference_id":"USN-2161-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2161-1/"}],"weaknesses":[{"cwe_id":122,"name":"Heap-based Buffer Overflow","description":"A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc()."}],"exploits":[],"severity_range_score":null,"exploitability":"0.5","weighted_severity":"0.6","risk_score":0.3,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pkg9-61ah-kbex"}