The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
{ "vanir_signatures": [ { "digest": { "function_hash": "239438786653537449590110276851816683172", "length": 271.0 }, "id": "CVE-2022-25857-006d62f5", "signature_type": "Function", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "parseOpenUnmatchedMappings", "file": "src/test/java/org/yaml/snakeyaml/issues/issue525/FuzzyStackOverflowTest.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "172088587160552531677850223176584493064", "244938593000605674028086508444777459239", "55067668306151051987924510253719878166", "293086855424711392895827944346135092590", "262267095515591034685714514496402413651", "106797580481561201924673539202689349018", "166275076043695401277806739211054882303", "134427505723961742863583914008168525697", "45252234660434442501890255925268719264", "274028383082699315728665286878476784713", "96022911210163628385842658062401795197", "266045652731794955472104625444536237016" ] }, "id": "CVE-2022-25857-1d38c252", "signature_type": "Line", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/main/java/org/yaml/snakeyaml/LoaderOptions.java" } }, { "digest": { "function_hash": "119179085145283519965329829985739268890", "length": 1263.0 }, "id": "CVE-2022-25857-37063454", "signature_type": "Function", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "composeNode", "file": "src/main/java/org/yaml/snakeyaml/composer/Composer.java" } }, { "digest": { "function_hash": "159220100998292972942965679240564220706", "length": 271.0 }, "id": "CVE-2022-25857-401069a7", "signature_type": "Function", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "parseOpenUnmatchedSequences_47027", "file": "src/test/java/org/yaml/snakeyaml/issues/issue526/Fuzzy47027Test.java" } }, { "digest": { "function_hash": "150754283751879570437190249844432699691", "length": 418.0 }, "id": "CVE-2022-25857-55836fbe", "signature_type": "Function", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "Composer", "file": "src/main/java/org/yaml/snakeyaml/composer/Composer.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "172088587160552531677850223176584493064", "244938593000605674028086508444777459239", "55067668306151051987924510253719878166", "293086855424711392895827944346135092590", "262267095515591034685714514496402413651", "106797580481561201924673539202689349018", "166275076043695401277806739211054882303", "134427505723961742863583914008168525697", "45252234660434442501890255925268719264", "274028383082699315728665286878476784713", "96022911210163628385842658062401795197", "266045652731794955472104625444536237016" ] }, "id": "CVE-2022-25857-55bc7689", "signature_type": "Line", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/main/java/org/yaml/snakeyaml/LoaderOptions.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "295520267366921903097860262107553166353", "133158486339981884692337772864803685083", "7233223407548863567969080375606942550", "230133757062160650885927895187725864662", "283139147888842812412705013308359852256", "41798650066296959241780339232755397284", "122043736470171402617668963069565530658", "23880187810273863983041951330752493639", "256479008953604239817989928509391715540", "215868212175478126338011715985795744458", "221829036524560989449802199208510778184", "320520220160282761797254653118044916819", "219422239159905425595479221288094625410", "271866660454015122785245234625630496378" ] }, "id": "CVE-2022-25857-6cd545be", "signature_type": "Line", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue527/Fuzzy47047Test.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "113309236038636199022034014164903210763", "117650737629038587401034815143885855657", "251395117034294805577650575814286121727", "31382794272325247416596436160298690284", "120313633220667940119300971776894023856", "18791454666959153746439986829321225973", "23133785366221354339344789731256816774", "308320194360792723784349973988075582673", "197298619941169286268618572650010535159", "123508114098712961393538985744815395640", "334420441819329747007469335202187098326", "278023792048644293141998556222317280644", "226769719792417216413433721846357562332", "18040415509453347464566912558303007170", "205159407289274700690682192100102417445", "203054892612159409124637067683399724713", "202403986334047268773923614378023377595", "109423075652176615728506169652203114253", "137977929796918055236787570754635447013", "149604430419866188410307242632652270885", "134393612355731715071947211491211408216", "278653997279953243690910110710372215802" ] }, "id": "CVE-2022-25857-6e99703c", "signature_type": "Line", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/main/java/org/yaml/snakeyaml/composer/Composer.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "172422529463927747712476192038850485653", "338616610426455163763251699937190993012", "338975693600697196677966839634556157448", "127989477276457695363469788528311163209", "153130406837173450273842770579218396440", "338155960010132724203478133203602332379", "80696907185986919961918654747379130711", "251664571347056276760943985823515001333", "173300840356525095190350598494687059928", "77974730922832259238855279701534471099", "271279709492268357084879872228739038649", "14171092725079072824989294136153038818", "200451921049994512242343738780317721068", "60482442921764873067607014151901295216", "328261480946231287663220941240465800724" ] }, "id": "CVE-2022-25857-7edbbfac", "signature_type": "Line", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue377/ReferencesTest.java" } }, { "digest": { "function_hash": "150754283751879570437190249844432699691", "length": 418.0 }, "id": "CVE-2022-25857-7fbad477", "signature_type": "Function", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "Composer", "file": "src/main/java/org/yaml/snakeyaml/composer/Composer.java" } }, { "digest": { "function_hash": "273730009474068722593356532993812943962", "length": 530.0 }, "id": "CVE-2022-25857-8295bbb7", "signature_type": "Function", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "referencesWithRestrictedAliases", "file": "src/test/java/org/yaml/snakeyaml/issues/issue377/ReferencesTest.java" } }, { "digest": { "function_hash": "273730009474068722593356532993812943962", "length": 530.0 }, "id": "CVE-2022-25857-92052e04", "signature_type": "Function", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "referencesWithRestrictedAliases", "file": "src/test/java/org/yaml/snakeyaml/issues/issue377/ReferencesTest.java" } }, { "digest": { "function_hash": "239438786653537449590110276851816683172", "length": 271.0 }, "id": "CVE-2022-25857-935dba53", "signature_type": "Function", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "parseOpenUnmatchedMappings", "file": "src/test/java/org/yaml/snakeyaml/issues/issue525/FuzzyStackOverflowTest.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "130308785247966546998184798824807958145", "133158486339981884692337772864803685083", "158766646830945535607433977802154381384", "54354672551834407857797221661430969627", "65473092027985939177263147424890057346", "52093663781003956201098469256227222614", "141538158309789540636248193090825557521", "246619200327284577593510640618025705748", "215868212175478126338011715985795744458", "221829036524560989449802199208510778184", "320520220160282761797254653118044916819", "219422239159905425595479221288094625410", "271866660454015122785245234625630496378" ] }, "id": "CVE-2022-25857-970d69dd", "signature_type": "Line", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue525/FuzzyStackOverflowTest.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "130308785247966546998184798824807958145", "133158486339981884692337772864803685083", "158766646830945535607433977802154381384", "54354672551834407857797221661430969627", "65473092027985939177263147424890057346", "52093663781003956201098469256227222614", "141538158309789540636248193090825557521", "246619200327284577593510640618025705748", "215868212175478126338011715985795744458", "221829036524560989449802199208510778184", "320520220160282761797254653118044916819", "219422239159905425595479221288094625410", "271866660454015122785245234625630496378" ] }, "id": "CVE-2022-25857-9e3e3543", "signature_type": "Line", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue525/FuzzyStackOverflowTest.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "67419669458441990514606090607083692175", "133158486339981884692337772864803685083", "158766646830945535607433977802154381384", "54354672551834407857797221661430969627", "215868212175478126338011715985795744458", "221829036524560989449802199208510778184", "320520220160282761797254653118044916819", "219422239159905425595479221288094625410", "271866660454015122785245234625630496378" ] }, "id": "CVE-2022-25857-a4e03b37", "signature_type": "Line", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue526/Fuzzy47027Test.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "295520267366921903097860262107553166353", "133158486339981884692337772864803685083", "7233223407548863567969080375606942550", "230133757062160650885927895187725864662", "283139147888842812412705013308359852256", "41798650066296959241780339232755397284", "122043736470171402617668963069565530658", "23880187810273863983041951330752493639", "256479008953604239817989928509391715540", "215868212175478126338011715985795744458", "221829036524560989449802199208510778184", "320520220160282761797254653118044916819", "219422239159905425595479221288094625410", "271866660454015122785245234625630496378" ] }, "id": "CVE-2022-25857-beb57d30", "signature_type": "Line", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue527/Fuzzy47047Test.java" } }, { "digest": { "function_hash": "51011270156894930279913645410634470792", "length": 271.0 }, "id": "CVE-2022-25857-bf391452", "signature_type": "Function", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "parseOpenUnmatchedSequences_47047", "file": "src/test/java/org/yaml/snakeyaml/issues/issue527/Fuzzy47047Test.java" } }, { "digest": { "function_hash": "51011270156894930279913645410634470792", "length": 271.0 }, "id": "CVE-2022-25857-caf144d1", "signature_type": "Function", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "parseOpenUnmatchedSequences_47047", "file": "src/test/java/org/yaml/snakeyaml/issues/issue527/Fuzzy47047Test.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "113309236038636199022034014164903210763", "117650737629038587401034815143885855657", "251395117034294805577650575814286121727", "31382794272325247416596436160298690284", "120313633220667940119300971776894023856", "18791454666959153746439986829321225973", "23133785366221354339344789731256816774", "308320194360792723784349973988075582673", "197298619941169286268618572650010535159", "123508114098712961393538985744815395640", "334420441819329747007469335202187098326", "278023792048644293141998556222317280644", "226769719792417216413433721846357562332", "18040415509453347464566912558303007170", "205159407289274700690682192100102417445", "203054892612159409124637067683399724713", "202403986334047268773923614378023377595", "109423075652176615728506169652203114253", "137977929796918055236787570754635447013", "149604430419866188410307242632652270885", "134393612355731715071947211491211408216", "278653997279953243690910110710372215802" ] }, "id": "CVE-2022-25857-cb088712", "signature_type": "Line", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/main/java/org/yaml/snakeyaml/composer/Composer.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "67419669458441990514606090607083692175", "133158486339981884692337772864803685083", "158766646830945535607433977802154381384", "54354672551834407857797221661430969627", "215868212175478126338011715985795744458", "221829036524560989449802199208510778184", "320520220160282761797254653118044916819", "219422239159905425595479221288094625410", "271866660454015122785245234625630496378" ] }, "id": "CVE-2022-25857-cf2836b3", "signature_type": "Line", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue526/Fuzzy47027Test.java" } }, { "digest": { "threshold": 0.9, "line_hashes": [ "172422529463927747712476192038850485653", "338616610426455163763251699937190993012", "338975693600697196677966839634556157448", "127989477276457695363469788528311163209", "153130406837173450273842770579218396440", "338155960010132724203478133203602332379", "80696907185986919961918654747379130711", "251664571347056276760943985823515001333", "173300840356525095190350598494687059928", "77974730922832259238855279701534471099", "271279709492268357084879872228739038649", "14171092725079072824989294136153038818", "200451921049994512242343738780317721068", "60482442921764873067607014151901295216", "328261480946231287663220941240465800724" ] }, "id": "CVE-2022-25857-d6d2d1bf", "signature_type": "Line", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "file": "src/test/java/org/yaml/snakeyaml/issues/issue377/ReferencesTest.java" } }, { "digest": { "function_hash": "159220100998292972942965679240564220706", "length": 271.0 }, "id": "CVE-2022-25857-ea48db95", "signature_type": "Function", "deprecated": false, "source": "https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "parseOpenUnmatchedSequences_47027", "file": "src/test/java/org/yaml/snakeyaml/issues/issue526/Fuzzy47027Test.java" } }, { "digest": { "function_hash": "119179085145283519965329829985739268890", "length": 1263.0 }, "id": "CVE-2022-25857-f3dea828", "signature_type": "Function", "deprecated": false, "source": "https://bitbucket.org/snakeyaml/snakeyaml@fc300780da21f4bb92c148bc90257201220cf174", "signature_version": "v1", "target": { "function": "composeNode", "file": "src/main/java/org/yaml/snakeyaml/composer/Composer.java" } } ] }