Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack. https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50355
Created liblouisutdml tracking bugs for this issue: Affects: fedora-all [bug 2152478] Created log4j tracking bugs for this issue: Affects: fedora-all [bug 2152479] Created picocli tracking bugs for this issue: Affects: fedora-all [bug 2152480] Created prometheus-jmx-exporter tracking bugs for this issue: Affects: fedora-all [bug 2152481] Created snakeyaml tracking bugs for this issue: Affects: epel-all [bug 2152477] Affects: fedora-all [bug 2152476] Created texlive-base tracking bugs for this issue: Affects: fedora-all [bug 2152482]
This issue has been addressed in the following products: Red Hat build of Eclipse Vert.x 4.3.7 Via RHSA-2023:0577 https://access.redhat.com/errata/RHSA-2023:0577
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 9 Via RHSA-2023:1514 https://access.redhat.com/errata/RHSA-2023:1514
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 for RHEL 8 Via RHSA-2023:1513 https://access.redhat.com/errata/RHSA-2023:1513
This issue has been addressed in the following products: Red Hat JBoss Enterprise Application Platform 7.4 on RHEL 7 Via RHSA-2023:1512 https://access.redhat.com/errata/RHSA-2023:1512
This issue has been addressed in the following products: EAP 7.4.10 release Via RHSA-2023:1516 https://access.redhat.com/errata/RHSA-2023:1516
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-41854
This issue has been addressed in the following products: RHINT Camel-Springboot 3.20.1 Via RHSA-2023:2100 https://access.redhat.com/errata/RHSA-2023:2100
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 8 Via RHSA-2023:2706 https://access.redhat.com/errata/RHSA-2023:2706
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 9 Via RHSA-2023:2707 https://access.redhat.com/errata/RHSA-2023:2707
This issue has been addressed in the following products: Red Hat Single Sign-On 7.6 for RHEL 7 Via RHSA-2023:2705 https://access.redhat.com/errata/RHSA-2023:2705
This issue has been addressed in the following products: Red Hat Single Sign-On Via RHSA-2023:2713 https://access.redhat.com/errata/RHSA-2023:2713
This issue has been addressed in the following products: RHEL-8 based Middleware Containers Via RHSA-2023:2710 https://access.redhat.com/errata/RHSA-2023:2710
This issue has been addressed in the following products: Migration Toolkit for Runtimes 1 on RHEL 8 Via RHSA-2023:3373 https://access.redhat.com/errata/RHSA-2023:3373
This issue has been addressed in the following products: RHINT Camel-Springboot 3.18.3.P2 Via RHSA-2023:3641 https://access.redhat.com/errata/RHSA-2023:3641
This issue has been addressed in the following products: Red Hat Fuse 7.12 Via RHSA-2023:3954 https://access.redhat.com/errata/RHSA-2023:3954
This issue has been addressed in the following products: MTA-6.2-RHEL-9 MTA-6.2-RHEL-8 Via RHSA-2023:4627 https://access.redhat.com/errata/RHSA-2023:4627
This issue has been addressed in the following products: AMQ Clients 3.y for RHEL 8 AMQ Clients 3.y for RHEL 9 Via RHSA-2023:7697 https://access.redhat.com/errata/RHSA-2023:7697