VDB
RHBA-2023%3A3300
RHBA-2023%3A3300
PUBLISHED
CVSS 6.5 MEDIUM
Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.12 | ocp-tools-4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le |
| Red Hat | ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64 as a component of OpenShift Developer Tools and Services for OCP 4.12 | ocp-tools-4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64 |
| Red Hat | ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x as a component of OpenShift Developer Tools and Services for OCP 4.12 | ocp-tools-4/jenkins-agent-base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x |
| Red Hat | ocp-tools-4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x as a component of OpenShift Developer Tools and Services for OCP 4.12 | * |
| Red Hat | ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.12 | ocp-tools-4/jenkins-agent-base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64 |
| Red Hat | ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64 as a component of OpenShift Developer Tools and Services for OCP 4.12 | ocp-tools-4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64 |
| Red Hat | ocp-tools-4/jenkins-agent-base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64 as a component of OpenShift Developer Tools and Services for OCP 4.12 | * |
| Red Hat | ocp-tools-4/jenkins-agent-base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le as a component of OpenShift Developer Tools and Services for OCP 4.12 | * |
Timeline
- May 24, 2023 CVE Published
- Mar 26, 2026 CVE Updated
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHBA-2023:3300 advisory
- https://docs.openshift.com/container-platform/4.12/cicd/jenkins/important-changes-to-openshift-jenkins-images.html advisory
- https://issues.redhat.com/browse/OCPBUGS-10976 advisory
- https://issues.redhat.com/browse/OCPBUGS-11348 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhba-2023_3300.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41854 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2151988 issue
- https://www.cve.org/CVERecord?id=CVE-2022-41854 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41854 advisory
- https://bitbucket.org/snakeyaml/snakeyaml/issues/543/stackoverflow-oss-fuzz-50355 advisory
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355 advisory