PT-2022-19325 · Go-Yaml+3

Bradleyjkemp · Published 2022-05-19 · Updated 2026-01-30 · CVE-2022-28948

CVSS v2.0

7.8 High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Go-Yaml version v3

Description

An issue in the Unmarshal function causes the program to crash or panic when attempting to deserialize invalid input.

Recommendations

For Go-Yaml version v3, consider validating input data before attempting to deserialize it to prevent the program from crashing or panicking. As a temporary workaround, consider adding error handling around calls to the Unmarshal function so that invalid input is handled gracefully. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
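
One way to apply the workaround above, as an added example that is not part of the original advisory or the Go-Yaml project: a wrapper that rejects oversized input and converts a decoder panic into an ordinary error. SafeUnmarshal, maxDocBytes and the two stub decoders are hypothetical names; in a real program, pass yaml.Unmarshal from gopkg.in/yaml.v3 as the decode argument.

```go
package main

import (
	"errors"
	"fmt"
)

// maxDocBytes is an assumed limit for untrusted documents; tune it per application.
const maxDocBytes = 1 << 20

// UnmarshalFunc has the same signature as yaml.Unmarshal in gopkg.in/yaml.v3.
type UnmarshalFunc func(in []byte, out interface{}) error

var (
	ErrTooLarge     = errors.New("yaml input exceeds size limit")
	ErrDecoderPanic = errors.New("yaml decoder panicked")
)

// SafeUnmarshal (hypothetical helper) validates the input size, then calls the
// decoder with a deferred recover so a panic becomes an error for the caller.
func SafeUnmarshal(decode UnmarshalFunc, in []byte, out interface{}) (err error) {
	if len(in) > maxDocBytes {
		return ErrTooLarge
	}
	defer func() {
		if r := recover(); r != nil {
			// Wrap the panic value; the caller can test with errors.Is.
			err = fmt.Errorf("%w: %v", ErrDecoderPanic, r)
		}
	}()
	return decode(in, out)
}

// panickyDecoder is a constructed stand-in for a decoder that panics on
// invalid input; it triggers a runtime index-out-of-range panic.
func panickyDecoder(in []byte, out interface{}) error {
	var events []int
	_ = events[len(in)]
	return nil
}

// okDecoder is a constructed stand-in for a decoder that succeeds.
func okDecoder(in []byte, out interface{}) error { return nil }

func main() {
	var v map[string]interface{}
	fmt.Println(SafeUnmarshal(panickyDecoder, []byte("a: b"), &v))
	fmt.Println(SafeUnmarshal(okDecoder, []byte("a: b"), &v))
}
```

recover only intercepts panics raised in the goroutine that called SafeUnmarshal; fatal runtime errors such as stack exhaustion or running out of memory still terminate the process.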

Exploit

DoS

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

AZL-31966
BDU:2025-02343
CLEANSTART-2026-HV28992
CVE-2022-28948
GHSA-HP87-P4GW-J4GQ
GO-2022-0603
OPENSUSE-SU-2024:0319-1
OPENSUSE-SU-2024:12490-1
OPENSUSE-SU-2025:15510-1
OPENSUSE-SU-2025:15529-1
SUSE-SU-2025:02998-1
SUSE-SU-2025:02999-1
SUSE-SU-2025:03000-1
SUSE-SU-2025:03001-1
SUSE-SU-2025_03001-1

Affected Products

Astra Linux
Debian
Go-Yaml
Suse