PT-2022-6918 · Snakeyaml+3

Published: 2022-11-11 · Updated: 2026-05-18 · CVE-2022-41854

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: SnakeYAML (affected versions not specified)
Description: The issue is a buffer overflow on the stack in the SnakeYAML library, which serializes and deserializes YAML documents. A remote attacker can exploit it to cause a denial of service. The vulnerability can be triggered when the parser runs on user-supplied input: an attacker can supply content that crashes the parser with a stack overflow.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Stack Overflow

Memory Corruption


Weakness Enumeration

Related Identifiers

BDU:2023-05611
CLEANSTART-2026-GH89210
CVE-2022-41854
GHSA-W37G-RHQ8-7M4J
OESA-2023-1162
OESA-2023-1163
OESA-2023-1164
OESA-2023-1165
OESA-2023-1503
RHSA-2023:1512
RHSA-2023:1513
RHSA-2023:1514
RHSA-2023:2705
RHSA-2023:2706
RHSA-2023:2707

Affected Products

Astra Linux
Debian
Red Os
SnakeYAML