VDB

CISA-2022-38752

CISA-2022-38752 PUBLISHED CVSS 6.5 MEDIUM

Reported by Google · Published September 5, 2022

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
snakeyamlSnakeYAMLunspecified
snakeyamlSnakeYAMLunspecified, unspecified
snakeyaml_projectsnakeyaml0, 0

Timeline

  • Sep 5, 2022 CVE Published
  • Aug 3, 2024 CVE Updated
  • Apr 26, 2026 Security Advisory

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›