Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-3064

Published: 27/12/2022 Updated: 15/09/2023
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0
Subscribe to Yaml Project

Vulnerability Summary

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

yaml project yaml

Vendor Advisories

Red Hat: Important: OpenShift Container Platform 4.10.53 bug fix and security update
Synopsis Important: OpenShift Container Platform 41053 bug fix and security update Type/Severity Security Advisory: Important Topic Red Hat OpenShift Container Platform release 41053 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift ...
Red Hat: Moderate: OpenShift Container Platform 4.11.40 security update
Synopsis Moderate: OpenShift Container Platform 41140 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41140 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 15Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Red Hat: Important: Red Hat OpenStack Platform (etcd) security update
Synopsis Important: Red Hat OpenStack Platform (etcd) security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for etcd is now available for Red Hat OpenStack PlatformRed Hat Product Security has rated t ...
Red Hat: Moderate: OpenShift Container Platform 4.12.16 security update
Synopsis Moderate: OpenShift Container Platform 41216 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41216 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 412Red Hat Pr ...
Red Hat: Moderate: OpenShift Container Platform 4.9.56 security update
Synopsis Moderate: OpenShift Container Platform 4956 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4956 is now available with updates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platf ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 17Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Red Hat: Important: Red Hat OpenShift GitOps security update
Synopsis Important: Red Hat OpenShift GitOps security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat OpenShift GitOps 16Red Hat Product Security has rated this update as having a security impact of Important A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed sever ...
Red Hat: Moderate: OpenShift Container Platform 4.10.52 security update
Synopsis Moderate: OpenShift Container Platform 41052 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41052 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact ...
Red Hat: Moderate: toolbox security and bug fix update
Synopsis Moderate: toolbox security and bug fix update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for toolbox is now available for Red Hat Enterprise Linux 9Red Hat Product Security has rated this update as ...
Red Hat: Moderate: OpenShift Container Platform 4.10.60 security update
Synopsis Moderate: OpenShift Container Platform 41060 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 41060 is now available with updates to packages and images that fix several bugsThis release includes a security update for Red Hat OpenShift Container Platform 410Red Hat Pr ...
Red Hat: Important: Red Hat OpenStack Platform 17.0 (etcd) security update
Synopsis Important: Red Hat OpenStack Platform 170 (etcd) security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for etcd is now available for Red Hat OpenStack Platform 170(Wallaby)Red Hat Product S ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory ...

References

CWE-400https://github.com/go-yaml/yaml/releases/tag/v2.2.4https://pkg.go.dev/vuln/GO-2022-0956https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5https://lists.debian.org/debian-lts-announce/2023/07/msg00001.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/https://nvd.nist.govhttps://access.redhat.com/errata/RHSA-2023:0899https://access.redhat.com/security/cve/cve-2022-3064
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925CVE-2023-41826LFICVE-2022-22364CVE-2024-2887command injectionremote code executionCVE-2024-34446CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook