Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-sqsn-ygsg-yfdu
Vulnerability ID VCID-sqsn-ygsg-yfdu
Aliases CVE-2022-41854
GHSA-w37g-rhq8-7m4j
Summary Snakeyaml vulnerable to Stack overflow leading to denial of service Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-121 Stack-based Buffer Overflow
CWE-787 Out-of-bounds Write
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
cvssv3 6.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41854.json
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00077 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00116 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
epss 0.00123 https://api.first.org/data/v1/epss?cve=CVE-2022-41854
cvssv3.1 6.5 https://bitbucket.org/snakeyaml/snakeyaml
generic_textual MODERATE https://bitbucket.org/snakeyaml/snakeyaml
cvssv3.1 6.5 https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
generic_textual MODERATE https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
cvssv3.1 6.5 https://bitbucket.org/snakeyaml/snakeyaml/issues/531
generic_textual MODERATE https://bitbucket.org/snakeyaml/snakeyaml/issues/531
cvssv3.1 6.5 https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
generic_textual MODERATE https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
cvssv3.1 5.3 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-w37g-rhq8-7m4j
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
cvssv3.1 6.5 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
generic_textual MODERATE https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
cvssv3.1 6.5 https://nvd.nist.gov/vuln/detail/CVE-2022-41854
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2022-41854
cvssv3.1 6.5 https://security.netapp.com/advisory/ntap-20240315-0009
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240315-0009
cvssv3.1 6.5 https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual MODERATE https://security.netapp.com/advisory/ntap-20240621-0006
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41854.json
https://api.first.org/data/v1/epss?cve=CVE-2022-41854
https://bitbucket.org/snakeyaml/snakeyaml
https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
https://bitbucket.org/snakeyaml/snakeyaml/issues/531
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41854
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
https://nvd.nist.gov/vuln/detail/CVE-2022-41854
https://security.netapp.com/advisory/ntap-20240315-0009
https://security.netapp.com/advisory/ntap-20240621-0006
2151988 https://bugzilla.redhat.com/show_bug.cgi?id=2151988
GHSA-w37g-rhq8-7m4j https://github.com/advisories/GHSA-w37g-rhq8-7m4j
RHSA-2023:0577 https://access.redhat.com/errata/RHSA-2023:0577
RHSA-2023:2100 https://access.redhat.com/errata/RHSA-2023:2100
RHSA-2023:2705 https://access.redhat.com/errata/RHSA-2023:2705
RHSA-2023:2706 https://access.redhat.com/errata/RHSA-2023:2706
RHSA-2023:2707 https://access.redhat.com/errata/RHSA-2023:2707
RHSA-2023:2710 https://access.redhat.com/errata/RHSA-2023:2710
RHSA-2023:2713 https://access.redhat.com/errata/RHSA-2023:2713
RHSA-2023:3373 https://access.redhat.com/errata/RHSA-2023:3373
RHSA-2023:3641 https://access.redhat.com/errata/RHSA-2023:3641
RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
RHSA-2023:4983 https://access.redhat.com/errata/RHSA-2023:4983
RHSA-2023:7697 https://access.redhat.com/errata/RHSA-2023:7697
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41854.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bitbucket.org/snakeyaml/snakeyaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bitbucket.org/snakeyaml/snakeyaml/commits/e230a1758842beec93d28eddfde568c21774780a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bitbucket.org/snakeyaml/snakeyaml/issues/531
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2022-41854
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240315-0009
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H Found at https://security.netapp.com/advisory/ntap-20240621-0006
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.23124
EPSS Score 0.00077
Published At April 2, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:07:12.621409+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/11/GHSA-w37g-rhq8-7m4j/GHSA-w37g-rhq8-7m4j.json 38.0.0