CVE-2022-28948

Published: May 19, 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert (or deserialize) invalid input data, potentially impacting system stability and reliability.

Report

Red Hat has designated the CVE rating as 'moderate' as exploitation of Red Hat products is contingent upon the attacker being authenticated when sending the malicious XML payload.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Not affected | | |
| Cost Management Metrics Operator | costmanagement/costmanagement-metrics-rhel8-operator | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator | Not affected | | |
| Migration Toolkit for Applications 6 | mta/mta-admin-addon-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | mta/mta-hub-rhel8 | Not affected | | |
| Migration Toolkit for Applications 6 | mta/mta-windup-addon-rhel9 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-controller-rhel8 | Not affected | | |
| Migration Toolkit for Containers | rhmtc/openshift-migration-velero-plugin-for-aws-rhel8 | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-502
https://bugzilla.redhat.com/show_bug.cgi?id=2088748 golang-gopkg-yaml: crash when attempting to deserialize invalid input

EPSS: 0.01524 (Low), percentile: 81%

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 3 years ago

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

CVSS3: 7.5
nvd
more than 3 years ago

An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.

CVSS3: 7.5
msrc
more than 2 years ago

No description available

CVSS3: 7.5
debian
more than 3 years ago

An issue in the Unmarshal function in Go-Yaml v3 causes the program to ...

suse-cvrf
5 months ago

Security update for ignition
