VDB
RHSA-2023%3A3218
RHSA-2023%3A3218
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:ef7c210cb986c50b9a3054adf6c9adc5e43a81ffca0df1aaa825e6bc655bd107_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:ef7c210cb986c50b9a3054adf6c9adc5e43a81ffca0df1aaa825e6bc655bd107_arm64, *, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:ef7c210cb986c50b9a3054adf6c9adc5e43a81ffca0df1aaa825e6bc655bd107_arm64 |
| Red Hat | openshift4/ose-cloud-event-proxy-rhel8@sha256:d18f4a886768b6ff30a982371404a6c35a1f058250bead66d6a2d2e64950aa9d_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-cloud-event-proxy-rhel8@sha256:d18f4a886768b6ff30a982371404a6c35a1f058250bead66d6a2d2e64950aa9d_arm64, openshift4/ose-cloud-event-proxy-rhel8@sha256:d18f4a886768b6ff30a982371404a6c35a1f058250bead66d6a2d2e64950aa9d_arm64 |
| Red Hat | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:47cc08af17695362c2c3f2d61d8dd3e942faeb30978338cc09e725dd3a879d8e_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:47cc08af17695362c2c3f2d61d8dd3e942faeb30978338cc09e725dd3a879d8e_arm64, * |
| Red Hat | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:6bf1523ab70883790fb20cf437546726bf6f616197007efcd583f454ea7306f2_s390x as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:6bf1523ab70883790fb20cf437546726bf6f616197007efcd583f454ea7306f2_s390x, openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:6bf1523ab70883790fb20cf437546726bf6f616197007efcd583f454ea7306f2_s390x, openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:6bf1523ab70883790fb20cf437546726bf6f616197007efcd583f454ea7306f2_s390x |
| Red Hat | openshift4/ose-cloud-event-proxy-rhel8@sha256:941ee028574b1826df434689ab83a84301b90f0f1fb281b72b8027d01ec44039_amd64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-cloud-event-proxy-rhel8@sha256:941ee028574b1826df434689ab83a84301b90f0f1fb281b72b8027d01ec44039_amd64, *, openshift4/ose-cloud-event-proxy-rhel8@sha256:941ee028574b1826df434689ab83a84301b90f0f1fb281b72b8027d01ec44039_amd64 |
| Red Hat | openshift4/ose-ptp-operator@sha256:94d2def6669eab51e60739722a0e909e697164a0263170be4d7a8360132be565_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-ptp-operator@sha256:94d2def6669eab51e60739722a0e909e697164a0263170be4d7a8360132be565_arm64, openshift4/ose-ptp-operator@sha256:94d2def6669eab51e60739722a0e909e697164a0263170be4d7a8360132be565_arm64, * |
| Red Hat | openshift4/ose-local-storage-diskmaker@sha256:dec4d42a084c1b24f811ddfa3626fe0e33167dbab7a63cd4bcbe143ce7466bd3_s390x as a component of Red Hat OpenShift Container Platform 4.10 | *, * |
| Red Hat | openshift4/metallb-rhel8-operator@sha256:630b52ee065b736d49c8fbc5b11edf5bb90f38d034ade069967d054c5d851206_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | *, openshift4/metallb-rhel8-operator@sha256:630b52ee065b736d49c8fbc5b11edf5bb90f38d034ade069967d054c5d851206_arm64, openshift4/metallb-rhel8-operator@sha256:630b52ee065b736d49c8fbc5b11edf5bb90f38d034ade069967d054c5d851206_arm64 |
| Red Hat | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:71850536ae8aec05e915af18fae92593fb5e4ccb307ba2500978608bf624fc8d_amd64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:71850536ae8aec05e915af18fae92593fb5e4ccb307ba2500978608bf624fc8d_amd64, openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:71850536ae8aec05e915af18fae92593fb5e4ccb307ba2500978608bf624fc8d_amd64 |
| Red Hat | openshift4/ose-local-storage-operator@sha256:75e9d31204cf203e7ab13d164831534a3f5df5ac3646299154f9705860b90395_ppc64le as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-local-storage-operator@sha256:75e9d31204cf203e7ab13d164831534a3f5df5ac3646299154f9705860b90395_ppc64le, openshift4/ose-local-storage-operator@sha256:75e9d31204cf203e7ab13d164831534a3f5df5ac3646299154f9705860b90395_ppc64le |
| Red Hat | openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:47cc08af17695362c2c3f2d61d8dd3e942faeb30978338cc09e725dd3a879d8e_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | *, *, openshift4/topology-aware-lifecycle-operator-precache-rhel8@sha256:47cc08af17695362c2c3f2d61d8dd3e942faeb30978338cc09e725dd3a879d8e_arm64 |
| Red Hat | openshift4/ose-cluster-capacity@sha256:c633c14cab529265aa3801d0beb31be443ce4c06d8f4380115c6e295784b450a_s390x as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-cluster-capacity@sha256:c633c14cab529265aa3801d0beb31be443ce4c06d8f4380115c6e295784b450a_s390x, openshift4/ose-cluster-capacity@sha256:c633c14cab529265aa3801d0beb31be443ce4c06d8f4380115c6e295784b450a_s390x |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:2cb51eeafcce38d249ba316f6c158e8483396da7fee13deed028d7dd9d6de461_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | *, * |
| Red Hat | openshift4/ose-ptp@sha256:84962f27c54581945f360b87cfcfa7853775b235e7f426074411ccfb2bfa15ce_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | *, *, * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:ef7c210cb986c50b9a3054adf6c9adc5e43a81ffca0df1aaa825e6bc655bd107_arm64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:ef7c210cb986c50b9a3054adf6c9adc5e43a81ffca0df1aaa825e6bc655bd107_arm64, * |
| Red Hat | openshift4/ose-local-storage-operator@sha256:204ffab98df7c44c7b164fea299b658821a668eb1fc0106e175b6622fcf44fbc_amd64 as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-local-storage-operator@sha256:204ffab98df7c44c7b164fea299b658821a668eb1fc0106e175b6622fcf44fbc_amd64, openshift4/ose-local-storage-operator@sha256:204ffab98df7c44c7b164fea299b658821a668eb1fc0106e175b6622fcf44fbc_amd64 |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:54c43d6d4bc74f639a39c38cc47d611667d10f895cec5453f11e0b29c3074a00_s390x as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ose-egress-dns-proxy@sha256:54c43d6d4bc74f639a39c38cc47d611667d10f895cec5453f11e0b29c3074a00_s390x, * |
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:99d6da77cf0eebc93c4458e06153f658f0281072571ad55f71742e8c42d3afb8_ppc64le as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/ptp-must-gather-rhel8@sha256:99d6da77cf0eebc93c4458e06153f658f0281072571ad55f71742e8c42d3afb8_ppc64le, openshift4/ptp-must-gather-rhel8@sha256:99d6da77cf0eebc93c4458e06153f658f0281072571ad55f71742e8c42d3afb8_ppc64le |
| Red Hat | openshift4/ose-cluster-capacity@sha256:c633c14cab529265aa3801d0beb31be443ce4c06d8f4380115c6e295784b450a_s390x as a component of Red Hat OpenShift Container Platform 4.10 | *, openshift4/ose-cluster-capacity@sha256:c633c14cab529265aa3801d0beb31be443ce4c06d8f4380115c6e295784b450a_s390x, openshift4/ose-cluster-capacity@sha256:c633c14cab529265aa3801d0beb31be443ce4c06d8f4380115c6e295784b450a_s390x |
| Red Hat | openshift4/metallb-rhel8@sha256:58532be360acd1dd4b01587664a255762a00e9d0eadafcad4ccab5f2e8daa026_s390x as a component of Red Hat OpenShift Container Platform 4.10 | openshift4/metallb-rhel8@sha256:58532be360acd1dd4b01587664a255762a00e9d0eadafcad4ccab5f2e8daa026_s390x, openshift4/metallb-rhel8@sha256:58532be360acd1dd4b01587664a255762a00e9d0eadafcad4ccab5f2e8daa026_s390x |
…and 358 more
Timeline
- May 24, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 15, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:3218 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2163037 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_3218.json advisory
- https://access.redhat.com/security/cve/CVE-2022-3064 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-3064 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-3064 advisory
- https://github.com/advisories/GHSA-6q6q-88xp-6f2r advisory
- https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5 advisory
- https://github.com/go-yaml/yaml/releases/tag/v2.2.4 advisory
- https://pkg.go.dev/vuln/GO-2022-0956 advisory