SB2022092714 - Multiple vulnerabilities in Snakeyaml
Published: September 27, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Stack-based buffer overflow (CVE-ID: CVE-2022-38750)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.2) Stack-based buffer overflow (CVE-ID: CVE-2022-38749)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling YAML files. A remote attacker can pass a specially crafted YAML file to the application, trigger a stack-based buffer overflow and perform a denial of service (DoS) attack.3) Resource exhaustion (CVE-ID: CVE-2022-25857)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources when handling YAML files. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
4) Out-of-bounds write (CVE-ID: CVE-2022-38751)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when processing untrusted YAML input. A remote attacker can pass a specially crafted YAML file to the application, trigger out-of-bounds write and perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.
References
- https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027
- https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024
- https://bitbucket.org/snakeyaml/snakeyaml/commits/fc300780da21f4bb92c148bc90257201220cf174
- https://github.com/snakeyaml/snakeyaml/commit/fc300780da21f4bb92c148bc90257201220cf174
- https://bitbucket.org/snakeyaml/snakeyaml/issues/525
- https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039