CVE-2021-4235

Опубликовано: 27 дек. 2022

Источник: debian

Описание

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
golang-yaml.v2	fixed	2.2.8-1		package

Примечания

https://github.com/go-yaml/yaml/commit/bb4e33bf68bf89cad44d386192cbed201f35b241 (v2.2.3)
https://github.com/go-yaml/yaml/pull/375
https://pkg.go.dev/vuln/GO-2021-0061

Связанные уязвимости

CVE-2021-4235

CVSS3: 5.5

ubuntu

около 3 лет назад

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235

CVSS3: 5.5

redhat

около 3 лет назад

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235

CVSS3: 5.5

nvd

около 3 лет назад

Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.

CVE-2021-4235

CVSS3: 5.5

msrc

около 3 лет назад

Описание отсутствует

GHSA-r88r-gmrh-7j83

CVSS3: 5.5

github

около 3 лет назад

YAML Go package vulnerable to denial of service