Security Advisories

CGA-pc67-qgg2-hpmq

Published

Last updated

https://images.chainguard.dev/security/CGA-pc67-qgg2-hpmq

Package

management-api-for-apache-cassandra-5.0

Latest Update

Fixed

Fixed Version

0.1.89-r0

Aliases

CVE-2022-38749
GHSA-c4r9-r8fh-9vj2

Severity

6.5

Medium

CVSS V3

Summary

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write

Description

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

References

https://nvd.nist.gov/vuln/detail/CVE-2022-38749
https://github.com/advisories/GHSA-c4r9-r8fh-9vj2
https://arxiv.org/pdf/2306.05534.pdf
https://bitbucket.org/snakeyaml/snakeyaml
https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
https://security.gentoo.org/glsa/202305-28
https://security.netapp.com/advisory/ntap-20240315-0010

Updates

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CGA-pc67-qgg2-hpmq

Severity

Summary

Description

References

Updates

Product

Why Chainguard

Customers

Company

Resources