CVE-2022-3064

Published: 29 Aug 2022
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

A flaw was found in go-yaml. This issue causes the consumption of excessive amounts of CPU or memory when attempting to parse a large or maliciously crafted YAML document.

Report

The RHC package for Red Hat Enterprise Linux 9 is marked as Low severity, as we do ship the affected code but it's not easily exposed because YAML files are not parsed by RHC.

Affected packages

| Platform | Package | Status | Recommendation | Release |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/cert-manager-operator-rhel9 | Not affected | | |
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Not affected | | |
| Cryostat 2 | cryostat-tech-preview/cryostat-rhel8-operator | Will not fix | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8 | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-adapter-rhel8 | Not affected | | |
| Custom Metric Autoscaler operator for Red Hat Openshift | custom-metrics-autoscaler-tech-preview/custom-metrics-autoscaler-rhel8-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/cluster-logging-rhel8-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-proxy-rhel8 | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/elasticsearch-rhel8-operator | Not affected | | |
| Logging Subsystem for Red Hat OpenShift | openshift-logging/eventrouter-rhel9 | Not affected | | |

Additional information

Status: Important
Defect: CWE-400
https://bugzilla.redhat.com/show_bug.cgi?id=2163037 go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents

EPSS

Percentile: 82%
0.01864
Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 2 years ago

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

CVSS3: 7.5
nvd
more than 2 years ago

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

CVSS3: 7.5
msrc
10 months ago

No description available

CVSS3: 7.5
debian
more than 2 years ago

Parsing malicious or large YAML documents can consume excessive amount ...

CVSS3: 7.5
github
more than 2 years ago

yaml package for Go can consume excessive amounts of CPU or memory
