CVE-2022-38750

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-38750

Severity

Unknown

Description

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.

References

https://images.chainguard.dev/security/CGA-2mmr-v32w-2chv
https://github.com/advisories/GHSA-hhhw-99gj-p3c3
https://images.chainguard.dev/security/CGA-9895-9g9x-cj52
https://images.chainguard.dev/security/CGA-q3gr-9338-xxc9
https://images.chainguard.dev/security/CGA-3q4c-xhff-2xpv
https://images.chainguard.dev/security/CGA-67vf-v8g4-c73c
https://images.chainguard.dev/security/CGA-jq57-h472-h8px
https://images.chainguard.dev/security/CGA-5jp4-3j6v-xcj7
https://images.chainguard.dev/security/CGA-xgv4-vx4w-mxg9
https://security.gentoo.org/glsa/202305-28
https://security.netapp.com/advisory/ntap-20240315-0010/
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
https://security-tracker.debian.org/tracker/CVE-2022-38750

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-38750

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources