Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-4235HistoryDec 27, 2022 - 10:15 p.m.
CVE-2021-4235
2022-12-2722:15:11
Debian Security Bug Tracker
security-tracker.debian.org
10
cve-2021-4235
yaml file
denial of service
unix
system resources
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.3%
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | golang-yaml.v2 | < 2.2.8-1 | golang-yaml.v2_2.2.8-1_all.deb |
| Debian | 11 | all | golang-yaml.v2 | < 2.2.8-1 | golang-yaml.v2_2.2.8-1_all.deb |
| Debian | 999 | all | golang-yaml.v2 | < 2.2.8-1 | golang-yaml.v2_2.2.8-1_all.deb |
| Debian | 13 | all | golang-yaml.v2 | < 2.2.8-1 | golang-yaml.v2_2.2.8-1_all.deb |
Related
veracode
veracode
Denial Of Service (DoS)
2022-12-30 10:49:32
ubuntucve
ubuntucve
CVE-2021-4235
2022-12-27 00:00:00
wolfi
wolfi
CVE-2021-4235 vulnerabilities
2024-07-09 09:08:46
gitlab
gitlab
YAML Go package vulnerable to denial of service
2022-12-28 00:00:00
Uncontrolled Resource Consumption
2022-12-27 00:00:00
cgr
cgr
CVE-2021-4235 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2021-4235 affecting package etcd 3.5.1-6
2022-12-27 17:58:52
osv
osv
Denial of service in gopkg.in/yaml.v2
2021-04-14 20:04:52
YAML Go package vulnerable to denial of service
2022-12-28 00:30:23
CVE-2021-4235
2022-12-27 22:15:11
cve
cve
CVE-2021-4235
2022-12-27 22:15:11
github
github
YAML Go package vulnerable to denial of service
2022-12-28 00:30:23
cvelist
cvelist
CVE-2021-4235 Denial of service in gopkg.in/yaml.v2
2022-12-27 21:13:42
redhat
redhat
nvd
nvd
CVE-2021-4235
2022-12-27 22:15:11
prion
prion
Denial of service
2022-12-27 22:15:00
redhatcve
redhatcve
CVE-2021-4235
2022-12-28 11:35:02
openvas
openvas
Debian: Security Advisory (DLA-3479-1)
2023-07-06 00:00:00
Ubuntu: Security Advisory (USN-6287-1)
2023-08-14 00:00:00
nessus
nessus
Debian DLA-3479-1 : golang-yaml.v2 - LTS security update
2023-07-06 00:00:00
RHCOS 4 : OpenShift Container Platform 4.12.0 (RHSA-2022:7398)
2024-01-24 00:00:00
ubuntu
ubuntu
Go yaml vulnerabilities
2023-08-14 00:00:00
debian
debian
[SECURITY] [DLA 3479-1] golang-yaml.v2 security update
2023-07-05 20:29:31
ibm
ibm
Security Bulletin: IBM Planning Analytics Connector for SAP is affected by security vulnerabilities
2024-04-02 18:29:22
Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego
2023-08-29 21:46:23
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-07-03 18:48:48
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
23.3%
Related for DEBIANCVE:CVE-2021-4235