CVE-2022-38751

Published Sep 5, 2022

Last updated 8 months ago

Overview

Description
Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
Source
cve-coordination@google.com
NVD status
Modified

Risk scores

CVSS 3.1

Type
Primary
Base score
6.5
Impact score
3.6
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Severity
MEDIUM

Weaknesses

nvd@nist.gov
CWE-787
cve-coordination@google.com
CWE-121

Social media

Hype score
Not currently trending

Configurations