Security Advisories

CGA-jqmf-qxq4-phw6

Published

Last updated

https://images.chainguard.dev/security/CGA-jqmf-qxq4-phw6

Package

management-api-for-apache-cassandra-4.0

Latest Update

Fixed

Fixed Version

0.1.89-r0

Aliases

CVE-2022-38752
GHSA-9w3m-gqgf-c4p9

Severity

6.5

Medium

CVSS V3

Summary

snakeYAML before 1.32 vulnerable to Denial of Service due to Out-of-bounds Write

Description

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DoS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-38752
https://github.com/advisories/GHSA-9w3m-gqgf-c4p9
https://bitbucket.org/snakeyaml/snakeyaml
https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
https://security.gentoo.org/glsa/202305-28
https://security.netapp.com/advisory/ntap-20240315-0009

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-jqmf-qxq4-phw6

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources