First published: Mon Sep 05 2022(Updated: )
A flaw was found in the snakeyaml package due to a stack-overflow in parsing YAML files. By persuading a victim to open a specially-crafted file, a remote attacker could cause the application to crash.
Credit: cve-coordination@google.com cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/candlepin | <0:4.2.13-1.el8 | 0:4.2.13-1.el8 |
redhat/rh-sso7-keycloak | <0:18.0.6-1.redhat_00001.1.el7 | 0:18.0.6-1.redhat_00001.1.el7 |
redhat/rh-sso7-keycloak | <0:18.0.6-1.redhat_00001.1.el8 | 0:18.0.6-1.redhat_00001.1.el8 |
redhat/rh-sso7-keycloak | <0:18.0.6-1.redhat_00001.1.el9 | 0:18.0.6-1.redhat_00001.1.el9 |
maven/org.yaml:snakeyaml | <1.31 | 1.31 |
IBM Cloud Pak for Business Automation | <=V22.0.2 - V22.0.2-IF001 | |
IBM Cloud Pak for Business Automation | <=V21.0.3 - V21.0.3-IF017 | |
IBM Cloud Pak for Business Automation | <=V22.0.1 - V22.0.1-IF006 and later fixes V21.0.2 - V21.0.2-IF012 and later fixesV21.0.1 - V21.0.1-IF007 and later fixesV20.0.1 - V20.0.3 and later fixesV19.0.1 - V19.0.3 and later fixesV18.0.0 - V18.0.2 and later fixes | |
Snakeyaml | <1.31 | |
Debian Linux | =10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)
CVE-2022-38751 is a vulnerability found in the snakeyaml package that can be exploited for Denial of Service attacks.
The severity of CVE-2022-38751 is medium, with a CVSS score of 6.5.
The candlepin package with version 0:4.2.13-1.el8 is affected by CVE-2022-38751.
The rh-sso7-keycloak package with versions 0:18.0.6-1.redhat_00001.1.el7, 0:18.0.6-1.redhat_00001.1.el8, and 0:18.0.6-1.redhat_00001.1.el9 are affected by CVE-2022-38751.
Yes, a fix is available for CVE-2022-38751. Please refer to the Red Hat security advisory RHSA-2022:8876 for more information.