Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
References
Configurations
History
15 Mar 2024, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
07 Nov 2023, 03:53
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
06 Jul 2023, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
11 Feb 2023, 17:42
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* |
|
First Time |
Fedoraproject
Fedoraproject fedora |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/ - Mailing List, Third Party Advisory |
21 Dec 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Nov 2022, 20:29
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-787 | |
First Time |
Snakeyaml Project
Snakeyaml Project snakeyaml |
|
CPE | cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:* | |
References | (CONFIRM) https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355 - Exploit, Issue Tracking, Third Party Advisory | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.5 |
11 Nov 2022, 13:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-11-11 13:15
Updated : 2024-03-15 11:15
NVD link : CVE-2022-41854
Mitre link : CVE-2022-41854
CVE.ORG link : CVE-2022-41854
JSON object : View
Products Affected
snakeyaml_project
- snakeyaml
fedoraproject
- fedora