Vulnerability Details : CVE-2022-3064
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Products affected by CVE-2022-3064
- cpe:2.3:a:yaml_project:yaml:*:*:*:*:*:go:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-3064
- EPSS score: 0.72% (probability of exploitation activity in the next 30 days)
- Percentile: ~81% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-3064
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
CWE ids for CVE-2022-3064
- The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-3064
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
  [SECURITY] Fedora 38 Update: moby-engine-24.0.5-1.fc38 - package-announce - Fedora Mailing-Lists
- https://pkg.go.dev/vuln/GO-2022-0956
  GO-2022-0956 - Go Packages (Patch; Vendor Advisory)
- https://github.com/go-yaml/yaml/releases/tag/v2.2.4
  Release v2.2.4: Improve heuristics preventing CPU/memory abuse (#515) · go-yaml/yaml · GitHub (Release Notes; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
  [SECURITY] Fedora 39 Update: moby-engine-24.0.5-1.fc39 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
  [SECURITY] Fedora 37 Update: moby-engine-24.0.5-1.fc37 - package-announce - Fedora Mailing-Lists
- https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
  Improve heuristics preventing CPU/memory abuse (#515) · go-yaml/yaml@f221b84 · GitHub (Patch; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html
  [SECURITY] [DLA 3479-1] golang-yaml.v2 security update
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/
  [SECURITY] Fedora 38 Update: exercism-3.2.0-1.fc38 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/
  [SECURITY] Fedora 37 Update: exercism-3.2.0-1.fc37 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/
  [SECURITY] Fedora 39 Update: exercism-3.2.0-1.fc39 - package-announce - Fedora Mailing-Lists