VulnerableCode Package Details - pkg:deb/debian/snakeyaml@1.12-2

Search for packages

Vulnerability	Summary	Fixed by
VCID-4nu3-fknt-puej Aliases: CVE-2022-38750 GHSA-hhhw-99gj-p3c3	snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.	1.28-1+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-6354-p39b-zbhp Aliases: CVE-2022-38749 GHSA-c4r9-r8fh-9vj2	snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.	1.28-1+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-e8hu-czv4-yyc5 Aliases: CVE-2017-18640 GHSA-rvwf-54qp-4r6v	SnakeYAML Entity Expansion during load operation The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.	1.28-1+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mm3e-4pej-byed Aliases: CVE-2022-25857 GHSA-3mc7-4q67-w48m	Uncontrolled Resource Consumption in snakeyaml The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.	1.28-1+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-qxfs-sq38-jfad Aliases: CVE-2022-38751 GHSA-98wm-3w3q-mw94	snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.	1.28-1+deb11u2 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-4nu3-fknt-puej
Aliases:
CVE-2022-38750
GHSA-hhhw-99gj-p3c3

snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.