CVE-2022-38752

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2022-38752

Severity

Unknown

Description

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

References

https://images.chainguard.dev/security/CGA-h55v-gg7j-gc5v
https://github.com/advisories/GHSA-9w3m-gqgf-c4p9
https://images.chainguard.dev/security/CGA-x7qp-ppg2-23x2
https://images.chainguard.dev/security/CGA-7jxj-mv7q-86xp
https://images.chainguard.dev/security/CGA-hjh8-64jq-mx4x
https://images.chainguard.dev/security/CGA-6j77-ggx4-h5xr
https://images.chainguard.dev/security/CGA-jqmf-qxq4-phw6
https://images.chainguard.dev/security/CGA-378v-mc4f-cq42
https://images.chainguard.dev/security/CGA-85g9-6hwh-32gx
https://images.chainguard.dev/security/CGA-ph82-mcm9-7236
https://security.gentoo.org/glsa/202305-28
https://security.netapp.com/advisory/ntap-20240315-0009/
https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
https://security-tracker.debian.org/tracker/CVE-2022-38752

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

Safe Source for Open Source™

Media Kit Contact Us

Private Policy

CVE-2022-38752

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources