{"dataType":"CVE_RECORD","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2022-41854","assignerOrgId":"14ed7db2-1595-443d-9d34-6215bf890778","assignerShortName":"Google","dateUpdated":"2024-09-16T16:24:11.627Z","dateReserved":"2022-09-30T00:00:00.000Z","datePublished":"2022-11-11T13:10:10.912Z"},"containers":{"cna":{"title":"Stack Overflow in Snakeyaml","datePublic":"2022-09-11T00:00:00.000Z","providerMetadata":{"orgId":"14ed7db2-1595-443d-9d34-6215bf890778","shortName":"Google","dateUpdated":"2024-06-21T19:06:02.723Z"},"descriptions":[{"lang":"en","value":"Those using Snakeyaml to parse untrusted YAML files may be vulnerable to denial-of-service (DoS) attacks. If the parser is running on user-supplied input, an attacker may supply content that causes the parser to crash with a stack overflow. This effect may support a denial-of-service attack."}],"affected":[{"vendor":"SnakeYaml","product":"SnakeYaml","versions":[{"version":"unspecified","lessThan":"1.32","status":"affected","versionType":"custom"}]}],"references":[{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355"},{"name":"FEDORA-2022-c01dd659fa","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/"},{"name":"FEDORA-2022-8a4e8aa190","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/"},{"name":"FEDORA-2023-27ec59a486","tags":["vendor-advisory"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/"},{"url":"https://security.netapp.com/advisory/ntap-20240315-0009/"},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequ
ired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":5.8,"baseSeverity":"MEDIUM"}}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-121 Stack-based Buffer Overflow","cweId":"CWE-121"}]}],"x_generator":{"engine":"Vulnogram 0.0.9"},"source":{"discovery":"INTERNAL"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T12:56:38.200Z"},"title":"CVE Program Container","references":[{"url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355","tags":["x_transferred"]},{"name":"FEDORA-2022-c01dd659fa","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MKE4XWRXTH32757H7QJU4ACS67DYDCR/"},{"name":"FEDORA-2022-8a4e8aa190","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KSPAJ5Y45A4ZDION2KN5RDWLHK4XKY2J/"},{"name":"FEDORA-2023-27ec59a486","tags":["vendor-advisory","x_transferred"],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3DDXEXXWAZGF5AVHIPGFPXIWL6TSMKJE/"},{"url":"https://security.netapp.com/advisory/ntap-20240315-0009/","tags":["x_transferred"]},{"url":"https://security.netapp.com/advisory/ntap-20240621-0006/","tags":["x_transferred"]}]}]},"dataVersion":"5.1"}