PT-2022-6915 · Snakeyaml+5 · Snakeyaml+5

Published

2022-09-05

Updated

2024-03-15

CVE-2022-38749

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions snakeYAML (affected versions not specified)

Description The issue is related to a Denial of Service (DOS) attack that can occur when using snakeYAML to parse untrusted YAML files. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash due to a stack overflow. This can be exploited by a remote attacker to cause a service disruption.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Stack Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-121CWE-787

Related Identifiers

BDU:2023-05608

CVE-2022-38749

DLA-3132-1

GHSA-C4R9-R8FH-9VJ2

OESA-2023-1162

OESA-2023-1163

OESA-2023-1164

OESA-2023-1165

OPENSUSE-SU-2022_3397-1

OPENSUSE-SU-2024:12308-1

RHSA-2023:1043

RHSA-2023:1044

RHSA-2023:1045

RHSA-2023:2097

RLSA-2023:2097

SUSE-SU-2022:3397-1

SUSE-SU-2022:3560-1

USN-5944-1

Affected Products

Astra Linux

Linuxmint

Rocky Linux

Suse

Ubuntu

Snakeyaml

PT-2022-6915 · Snakeyaml+5 · Snakeyaml+5

CVE-2022-38749

Weakness Enumeration

Related Identifiers

Affected Products

References · 58