Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2022-25857HistoryAug 30, 2022 - 5:15 a.m.
CVE-2022-25857
2022-08-3005:15:07
Debian Security Bug Tracker
security-tracker.debian.org
38
org.yaml:snakeyaml
vulnerability
denial of service
collections
nested depth limitation
unix
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
55.6%
The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable to Denial of Service (DoS) due missing to nested depth limitation for collections.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | snakeyaml | <ย 1.31-1 | snakeyaml_1.31-1_all.deb |
| Debian | 11 | all | snakeyaml | <ย 1.28-1+deb11u1 | snakeyaml_1.28-1+deb11u1_all.deb |
| Debian | 999 | all | snakeyaml | <ย 1.31-1 | snakeyaml_1.31-1_all.deb |
| Debian | 13 | all | snakeyaml | <ย 1.31-1 | snakeyaml_1.31-1_all.deb |
Related
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-10-06 00:00:00
redhat
redhat
ibm
ibm
veracode
veracode
Denial Of Service (DoS)
2022-08-31 02:31:21
nvd
nvd
CVE-2022-25857
2022-08-30 05:15:07
cve
cve
CVE-2022-25857
2022-08-30 05:15:07
rocky
rocky
prometheus-jmx-exporter security update
2022-10-06 07:13:19
Satellite 6.13 Release
2023-05-05 15:39:58
ubuntucve
ubuntucve
CVE-2022-25857
2022-08-30 00:00:00
almalinux
almalinux
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
cvelist
cvelist
CVE-2022-25857 Denial of Service (DoS)
2022-08-30 05:05:11
osv
osv
CVE-2022-25857
2022-08-30 05:15:07
Moderate: prometheus-jmx-exporter security update
2022-10-06 07:13:19
Moderate: prometheus-jmx-exporter security update
2022-10-06 00:00:00
nessus
nessus
Oracle Linux 8 : prometheus-jmx-exporter (ELSA-2022-6820)
2022-10-06 00:00:00
RHEL 8 : prometheus-jmx-exporter (RHSA-2022:6820)
2022-10-06 00:00:00
AlmaLinux 8 : prometheus-jmx-exporter (ALSA-2022:6820)
2022-10-08 00:00:00
redhatcve
redhatcve
CVE-2022-25857
2022-09-14 12:44:14
amazon
amazon
Important: snakeyaml
2023-03-02 22:35:00
prion
prion
Design/Logic Flaw
2022-08-30 05:15:00
rubygems
rubygems
github
github
Uncontrolled Resource Consumption in snakeyaml
2022-08-31 00:00:24
cbl_mariner
cbl_mariner
CVE-2022-25857 affecting package snakeyaml 1.25-2
2024-09-27 09:12:43
openvas
openvas
Fedora: Security Advisory for snakeyaml (FEDORA-2022-c01dd659fa)
2022-12-21 00:00:00
Fedora: Security Advisory for snakeyaml (FEDORA-2022-8a4e8aa190)
2022-12-21 00:00:00
Debian: Security Advisory (DLA-3132-1)
2022-10-05 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: snakeyaml-1.32-1.fc36
2022-12-21 01:18:24
[SECURITY] Fedora 37 Update: snakeyaml-1.32-1.fc37
2022-12-21 01:29:20
debian
debian
[SECURITY] [DLA 3132-1] snakeyaml security update
2022-10-02 22:06:40
ubuntu
ubuntu
SnakeYAML vulnerabilities
2023-03-10 00:00:00
suse
suse
Security update for snakeyaml (important)
2022-09-26 00:00:00
freebsd
freebsd
cassandra3 -- multiple vulnerabilities
2023-01-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
Oracle Critical Patch Update Advisory - April 2023
2023-04-18 00:00:00
CVSS3
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS
0.002
Percentile
55.6%
Related for DEBIANCVE:CVE-2022-25857