Description
gopkg.in/yaml.v3 Denial of Service
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input.
References
- https://nvd.nist.gov/vuln/detail/CVE-2022-28948
- https://github.com/go-yaml/yaml/issues/665
- https://github.com/go-yaml/yaml/issues/666
- https://github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754
- https://github.com/go-yaml/yaml/commit/f6f7691b1fdeb513f56608cd2c32c51f8194bf51
- https://security.netapp.com/advisory/ntap-20220923-0006
Packages
Name: gopkg.in/yaml.v3 (go)
Affected versions: < 3.0.1
Fixed version: 3.0.1
Related vulnerabilities
CVSS3: 7.5
ubuntu
more than 3 years ago
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVSS3: 7.5
redhat
more than 3 years ago
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVSS3: 7.5
nvd
more than 3 years ago
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
CVSS3: 7.5
debian
more than 3 years ago
An issue in the Unmarshal function in Go-Yaml v3 causes the program to ...