USN-6287-1

Advisory lineage Upstream: 4 Downstream: 0

Upstream

CVE-2021-4235 CVE-2022-3064 UBUNTU-CVE-2021-4235 UBUNTU-CVE-2022-3064

Published: 14 Aug 2023, 08:42

Last modified:20 May 2026, 16:03

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

14 Aug 2023, 08:42

Published

Vulnerability first disclosed

20 May 2026, 16:03

Last Modified

Vulnerability information updated

Description

golang-yaml.v2 vulnerabilities Simon Ferquel discovered that the Go yaml package incorrectly handled certain YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2021-4235) It was discovered that the Go yaml package incorrectly handled certain large YAML documents. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause the system to crash, resulting in a denial of service. (CVE-2022-3064)

Affected Systems

ubuntu•golang-yaml.v2
< 0.0+git20160301.0.a83829b-1ubuntu0.1~esm1 | < 0.0+git20170407.0.cd8b52f-1ubuntu2+esm1 | < 2.2.2-1ubuntu0.1

USN-6287-1

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)