CVE-2022-38752

Published: Sep 5, 2022Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow.

Affected (1)

Products: Snakeyaml Project: Snakeyaml

Snakeyaml Project

1 product

Snakeyaml

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Snakeyaml Project Snakeyaml	Before 1.32

Related CWEs

CWE-121

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (8)

https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081

Source: cve-coordination@google.com

Third Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081

Source: cve-coordination@google.com

Permissions Required

https://security.gentoo.org/glsa/202305-28

Source: cve-coordination@google.com

https://security.netapp.com/advisory/ntap-20240315-0009/

Source: cve-coordination@google.com

https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://security.gentoo.org/glsa/202305-28

Source: af854a3a-2127-422b-91ae-364da2661108

https://security.netapp.com/advisory/ntap-20240315-0009/

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.