CVE-2022-3064

Aliases:GHSA-6q6q-88xp-6f2rGO-2022-0956

Advisory lineage Upstream: 0 Downstream: 12

Downstream

DEBIAN-CVE-2022-3064 DLA-3479-1 RHSA-2023:1014 RHSA-2023:1275 RHSA-2023:6346 RHSA-2023:6938

Modified

Published: 27 Dec 2022, 21:17

Last modified:14 Apr 2025, 17:05

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (cve.org)

EPSS Score

2.23% LOW

2% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 Dec 2022, 21:17

Published

Vulnerability first disclosed

14 Apr 2025, 17:05

Last Modified

Vulnerability information updated

Description

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.

CVSS Metrics

v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 2.23%• Percentile: 85%

Techniques & Countermeasures

CWE-400•Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.

Affected Systems

gopkg.in•yaml.v2
< 2.2.4
gopkg.in/yaml.v2•gopkg.in/yaml.v2
< 2.2.4
yaml_project•yaml
< 2.2.4