{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-38750", "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778", "assignerShortName": "Google", "dateUpdated": "2024-08-03T11:02:14.509Z", "dateReserved": "2022-08-25T00:00:00", "datePublished": "2022-09-05T00:00:00"}, "containers": {"cna": {"title": "DoS in SnakeYAML", "providerMetadata": {"orgId": "14ed7db2-1595-443d-9d34-6215bf890778", "shortName": "Google", "dateUpdated": "2024-03-15T11:06:04.718916"}, "descriptions": [{"lang": "en", "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow."}], "affected": [{"vendor": "snakeyaml", "product": "SnakeYAML", "versions": [{"version": "unspecified", "lessThan": "1.31", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027"}, {"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027"}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"}, {"name": "GLSA-202305-28", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-28"}, {"url": "https://security.netapp.com/advisory/ntap-20240315-0010/"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-121 Stack-based Buffer Overflow", "cweId": "CWE-121"}]}], "x_generator": {"engine": "Vulnogram 0.0.9"}, "source": {"discovery": "INTERNAL"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T11:02:14.509Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027", "tags": ["x_transferred"]}, {"url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20221002 [SECURITY] [DLA 3132-1] snakeyaml security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"}, {"name": "GLSA-202305-28", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-28"}, {"url": "https://security.netapp.com/advisory/ntap-20240315-0010/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:snakeyaml_project:snakeyaml:*:*:*:*:*:*:*:*", "matchCriteriaId": "4911A85B-287B-4900-8ACE-5BA60949D7BE", "versionEndExcluding": "1.31", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow."}, {"lang": "es", "value": "El uso de snakeYAML para analizar archivos YAML no confiables puede ser vulnerable a ataques de Denegaci\u00f3n de Servicio (DOS). Si el analizador es ejecutado en la entrada suministrada por el usuario, un atacante puede suministrar el contenido que hace que el analizador sea bloqueado por stackoverflow"}], "id": "CVE-2022-38750", "lastModified": "2024-03-15T11:15:08.003", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "cve-coordination@google.com", "type": "Secondary"}]}, "published": "2022-09-05T10:15:09.733", "references": [{"source": "cve-coordination@google.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027"}, {"source": "cve-coordination@google.com", "tags": ["Exploit", "Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027"}, {"source": "cve-coordination@google.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html"}, {"source": "cve-coordination@google.com", "url": "https://security.gentoo.org/glsa/202305-28"}, {"source": "cve-coordination@google.com", "url": "https://security.netapp.com/advisory/ntap-20240315-0010/"}], "sourceIdentifier": "cve-coordination@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-121"}], "source": "cve-coordination@google.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:8876", "cpe": "cpe:/a:redhat:amq_broker:7", "package": "snakeyaml", "product_name": "Red Hat AMQ Broker 7", "release_date": "2022-12-07T00:00:00Z"}, {"advisory": "RHSA-2022:6757", "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "package": "snakeyaml", "product_name": "Red Hat build of Eclipse Vert.x 4.3.3", "release_date": "2022-10-05T00:00:00Z"}, {"advisory": "RHSA-2022:8524", "cpe": "cpe:/a:redhat:jboss_data_grid:8", "package": "snakeyaml", "product_name": "Red Hat Data Grid 8.4.0", "release_date": "2022-11-17T00:00:00Z"}, {"advisory": "RHSA-2023:2097", "cpe": "cpe:/a:redhat:satellite:6.13::el8", "package": "candlepin-0:4.2.13-1.el8sat", "product_name": "Red Hat Satellite 6.13 for RHEL 8", "release_date": "2023-05-03T00:00:00Z"}, {"advisory": "RHSA-2023:1049", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6", "package": "snakeyaml", "product_name": "Red Hat Single Sign-On 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1043", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el7", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el7sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 7", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1044", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el8", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el8sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 8", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1045", "cpe": "cpe:/a:redhat:red_hat_single_sign_on:7.6::el9", "package": "rh-sso7-keycloak-0:18.0.6-1.redhat_00001.1.el9sso", "product_name": "Red Hat Single Sign-On 7.6 for RHEL 9", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:1047", "cpe": "cpe:/a:redhat:rhosemc:1.0::el8", "package": "rh-sso-7/sso76-openshift-rhel8:7.6-20", "product_name": "RHEL-8 based Middleware Containers", "release_date": "2023-03-01T00:00:00Z"}, {"advisory": "RHSA-2023:3641", "cpe": "cpe:/a:redhat:camel_spring_boot:3.18", "package": "snakeyaml", "product_name": "RHINT Camel-Springboot 3.18.3.P2", "release_date": "2023-06-15T00:00:00Z"}, {"advisory": "RHSA-2023:2100", "cpe": "cpe:/a:redhat:camel_spring_boot:3.20.1", "package": "snakeyaml", "product_name": "RHINT Camel-Springboot 3.20.1", "release_date": "2023-05-03T00:00:00Z"}], "bugzilla": {"description": "snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject", "id": "2129707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2129707"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-787", "details": ["Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.", "A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash."], "name": "CVE-2022-38750", "package_state": [{"cpe": "cpe:/a:redhat:a_mq_clients:2", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "A-MQ Clients 2"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/elasticsearch6-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:ocp_tools", "fix_state": "Affected", "package_name": "jenkins-2-plugins", "product_name": "OpenShift Developer Tools and Services"}, {"cpe": "cpe:/a:redhat:amq_online:1", "fix_state": "Will not fix", "package_name": "snakeyaml", "product_name": "Red Hat A-MQ Online"}, {"cpe": "cpe:/a:redhat:service_registry:2", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat build of Apicurio Registry"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Affected", "package_name": "snakeyaml", "product_name": "Red Hat Integration Camel K"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Affected", "package_name": "snakeyaml", "product_name": "Red Hat Integration Camel Quarkus"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat Integration Change Data Capture"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat Integration Service Registry"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_data_virtualization:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Data Virtualization 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "eap6-snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jbossas-modules-eap", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "jboss-on", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_2-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_3-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_4-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "keycloak-adapter-sso7_5-eap6", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:7", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform 7"}, {"cpe": "cpe:/a:redhat:jbosseapxp", "fix_state": "Not affected", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Enterprise Application Platform Expansion Pack"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Will not fix", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "jboss-on", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Will not fix", "package_name": "org.jboss.on-jboss-on-parent", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:jboss_operations_network:3", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat JBoss Operations Network 3"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/metrics-cassandra", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/metrics-hawkular-metrics", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/ose-metrics-cassandra", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Out of support scope", "package_name": "openshift3/ose-metrics-hawkular-metrics", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/idea-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3::el8", "fix_state": "Affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Out of support scope", "package_name": "snakeyaml", "product_name": "Red Hat Process Automation 7"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "puppetserver", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-maven36-byte-buddy", "product_name": "Red Hat Software Collections"}, {"cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0", "fix_state": "Will not fix", "package_name": "snakeyaml", "product_name": "Red Hat support for Spring Boot"}, {"cpe": "cpe:/a:redhat:amq_streams:1", "fix_state": "Affected", "package_name": "snakeyaml", "product_name": "streams for Apache Kafka"}], "public_date": "2022-09-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-38750\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-38750"], "statement": "Red Hat Build of Quarkus is not affected by this issue as it already includes the fixed version.\nSatellite component Candlepin does not directly use snakeyaml, so it is not affected. Regardless, an update with the latest, unaffected snakeyaml version will be provided at next release.", "threat_severity": "Moderate", "upstream_fix": "snakeyaml 1.31"}