Debian Golang-Yaml.V2 vulnerabilities
2 known vulnerabilities affecting debian/golang-yaml.v2.
Total CVEs: 2
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 1, MEDIUM 1
Vulnerabilities
CVE-2022-3064 [HIGH] CVSS 7.5, fixed in golang-yaml.v2 2.2.8-1 (bookworm), 2022
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
Scope: local
bookworm: resolved (fixed in 2.2.8-1)
bullseye: resolved (fixed in 2.2.8-1)
forky: resolved (fixed in 2.2.8-1)
sid: resolved (fixed in 2.2.8-1)
trixie: resolved (fixed in 2.2.8-1)
debian
CVE-2021-4235 [MEDIUM] CVSS 5.5, fixed in golang-yaml.v2 2.2.8-1 (bookworm), 2021
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
Scope: local
bookworm: resolved (fixed in 2.2.8-1)
bullseye: resolved (fixed in 2.2.8-1)
forky: resolved (fixed in 2.2.8-1)
sid: resolved (fixed in 2.2.8-1)
trixie:
debian