Search CVE reports
1 – 7 of 7 results
CVE-2024-35326
Medium prioritylibyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35325
Medium priorityA vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35328
Medium prioritylibyaml v0.2.5 is vulnerable to DDOS. Affected by this issue is the function yaml_parser_parse of the file /src/libyaml/src/parser.c.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2024-35329
Medium priority** DISPUTED ** libyaml 0.2.5 is vulnerable to a heap-based Buffer Overflow in yaml_document_add_sequence in api.c. NOTE: the supplier disputes this because the finding represents a user error. The problem is that the application,...
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | Not in release | Not in release | Not in release | — | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml | Not affected | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected | Not affected |
CVE-2022-3064
Medium prioritySome fixes available 3 of 30
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release | Ignored |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Ignored |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2021-4235
Medium prioritySome fixes available 3 of 30
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release | Ignored |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed | Fixed |
| kubernetes | Needs evaluation | Needs evaluation | Needs evaluation | Not in release | Ignored |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation | Ignored |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Ignored |
CVE-2022-28948
Medium prioritySome fixes available 4 of 12
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
4 affected packages
golang-gopkg-yaml.v3, golang-goyaml, golang-yaml.v2, snapd
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
|---|---|---|---|---|---|
| golang-gopkg-yaml.v3 | Not affected | Needs evaluation | Not in release | Not in release | Not in release |
| golang-goyaml | Not in release | Not in release | Not in release | Not in release | Not affected |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected | Not affected |
| snapd | Fixed | Fixed | Fixed | Vulnerable | Needs evaluation |