GHSA-6q6q-88xp-6f2r
Source
https://github.com/advisories/GHSA-6q6q-88xp-6f2r
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/12/GHSA-6q6q-88xp-6f2r/GHSA-6q6q-88xp-6f2r.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-6q6q-88xp-6f2r
Aliases
CVE-2022-3064
GO-2022-0956
Related
CGA-p74j-c7hx-fggj
Published
2022-12-28T00:30:22Z
Modified
2024-09-11T06:12:58.017597Z
Severity
7.5 (High)
CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
yaml package for Go can consume excessive amounts of CPU or memory
Details
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
References
https://nvd.nist.gov/vuln/detail/CVE-2022-3064
https://github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
https://github.com/go-yaml/yaml
https://github.com/go-yaml/yaml/releases/tag/v2.2.4
https://lists.debian.org/debian-lts-announce/2023/07/msg00001.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI
https://pkg.go.dev/vuln/GO-2022-0956
Affected packages
Package
Name
gopkg.in/yaml.v2
Purl
pkg:golang/gopkg.in/yaml.v2
Affected ranges
Type
SEMVER
Events
Introduced
0
Unknown introduced version / All previous versions are affected
Fixed
2.2.4