Vulnerability DatabaseCVE-2022-41854
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2022-41854
November 11, 2022
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Affected Packages
org.yaml:snakeyaml (JAVA):
Affected version(s) >=1.4 <1.32
Fix Suggestion:
Update to version 1.32
Related ResourcesĀ (19)
https://security.netapp.com/advisory/ntap-20240315-0009/
https://security.netapp.com/advisory/ntap-20240621-0006
https://bitbucket.org/snakeyaml/snakeyaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
https://nvd.nist.gov/vuln/detail/CVE-2022-41854
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
https://access.redhat.com/security/cve/CVE-2022-41854
https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/
https://bitbucket.org/snakeyaml/snakeyaml/issues/531
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
https://security.netapp.com/advisory/ntap-20240621-0006/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/
https://security.netapp.com/advisory/ntap-20240315-0009
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
PASSIVE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
HIGH
CVSS v3
Base Score:
5.8
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH
Weakness Type (CWE)
Out-of-bounds Write
CWE-787
Stack-based Buffer Overflow
CWE-121
EPSS
Base Score:
0.09