Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack-overflow. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081 https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
Created liblouisutdml tracking bugs for this issue: Affects: fedora-all [bug 2130444] Created picocli tracking bugs for this issue: Affects: fedora-all [bug 2130445] Created snakeyaml tracking bugs for this issue: Affects: epel-all [bug 2130443] Affects: fedora-all [bug 2130446] Created texlive-base tracking bugs for this issue: Affects: fedora-all [bug 2130447]
This issue has been addressed in the following products: Red Hat build of Eclipse Vert.x 4.3.3 Via RHSA-2022:6757 https://access.redhat.com/errata/RHSA-2022:6757
This issue has been addressed in the following products: Red Hat Data Grid 8.4.0 Via RHSA-2022:8524 https://access.redhat.com/errata/RHSA-2022:8524
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-38752
This issue has been addressed in the following products: Red Hat AMQ Streams 2.3.0 Via RHSA-2023:0189 https://access.redhat.com/errata/RHSA-2023:0189
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1514
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1513
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1512
This issue has been addressed in the following products: EAP 7.4.10 release Via RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:1516
This issue has been addressed in the following products: Red Hat Satellite 6.13 for RHEL 8 Via RHSA-2023:2097 https://access.redhat.com/errata/RHSA-2023:2097
This issue has been addressed in the following products: RHINT Camel-Springboot 3.20.1 Via RHSA-2023:2100 https://access.redhat.com/errata/RHSA-2023:2100
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:2706 https://access.redhat.com/errata/RHSA-2023:2706
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:2707 https://access.redhat.com/errata/RHSA-2023:2707
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:2705 https://access.redhat.com/errata/RHSA-2023:2705
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:2713 https://access.redhat.com/errata/RHSA-2023:2713
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:2710 https://access.redhat.com/errata/RHSA-2023:2710
This issue has been addressed in the following products: RHINT Camel-Springboot 3.18.3.P2 Via RHSA-2023:3641 https://access.redhat.com/errata/RHSA-2023:3641