CVE-2022-3064

Name: CVE-2022-3064
Description: Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
NVD Severity: medium
Forges: GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/go-yaml/yaml/releases/tag/v2.2.4
MISC https://pkg.go.dev/vuln/GO-2022-0956
MISC https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
MISC https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
MISC https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/

Match rules

| CPE URI | Source package | Min version | Max version |
|---|---|---|---|
| cpe:2.3:a:yaml_project:yaml:*:*:*:*:*:go:*:* | yaml | >= None | < 2.2.4 |

Vulnerable and fixed packages

| Source package | Branch | Version | Maintainer | Status |
|---|---|---|---|---|
| yaml | edge-main | 0.2.5-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yaml | 3.18-main | 0.2.5-r1 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yaml | 3.17-main | 0.2.5-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yaml | 3.16-main | 0.2.5-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yaml | 3.15-main | 0.2.5-r0 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |
| yaml | 3.19-main | 0.2.5-r2 | Natanael Copa <ncopa@alpinelinux.org> | possibly vulnerable |