CVE-2022-38749
Summary
| CVE | CVE-2022-38749 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2022-09-05 10:15:00 UTC |
|---|
| Updated | 2024-03-15 11:15:00 UTC |
|---|
| Description | Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| snakeyaml: Multiple Vulnerabilities (GLSA 202305-28) — Gentoo security |
GENTOO |
security.gentoo.org |
|
| snakeyaml / snakeyaml
/ issues
/ #525 - Got StackOverflowError for many open unmatched brackets
— Bitbucket |
MISC |
bitbucket.org |
|
| security.netapp.com/advisory/ntap-20240315-0010 |
|
security.netapp.com |
|
| [SECURITY] [DLA 3132-1] snakeyaml security update |
MLIST |
lists.debian.org |
|
| 47024 -
oss-fuzz -
OSS-Fuzz: Fuzzing the planet -
Monorail |
MISC |
bugs.chromium.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181092 Debian Security Update for snakeyaml (DLA 3132-1)
- 182240 Debian Security Update for snakeyaml (CVE-2022-38749)
- 199232 Ubuntu Security Notification for SnakeYAML Vulnerabilities (USN-5944-1)
- 20396 IBM DB2 Multiple Vulnerabilities (7095807)
- 241405 Red Hat Update for Satellite 6.13 (RHSA-2023:2097)
- 710729 Gentoo Linux snakeyaml Multiple Vulnerabilities (GLSA 202305-28)
- 753357 SUSE Enterprise Linux Security Update for snakeyaml (SUSE-SU-2022:3397-1)
- 903870 Common Base Linux Mariner (CBL-Mariner) Security Update for snakeyaml (10866)
- 960924 Rocky Linux Security Update for Satellite (RLSA-2023:2097)
