CVE-2022-3064

🗓️ 27 Dec 2022 21:17:41Reported by GoType

Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory

Reporter	Title	Published	Views	Family All 169
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion and IBM Storage Fusion HCI may be vulnerable to denial of service and link following via Go-Yaml, kube-apiserver, Golang Go and Beego	29 Aug 202321:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Connector for SAP is affected by security vulnerabilities	2 Apr 202418:29	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs	26 Mar 202503:48	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in the Golang language affects IBM Event Streams (CVE-2022-3064)	6 Mar 202307:49	–	ibm
Tenable Nessus	Alibaba Cloud Linux 3 : 0050: container-tools:rhel8 (ALINUX3-SA-2024:0050)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : container-tools:4.0 (ALSA-2023:6938)	2 Jul 202500:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: etcd / packer (CVE-2022-3064)	10 Feb 202500:00	–	nessus
Tenable Nessus	Debian dla-3479 : golang-gopkg-yaml.v2-dev - security update	6 Jul 202300:00	–	nessus
Tenable Nessus	Fedora 37 : manifest-tool (2023-11dafed208)	14 Mar 202300:00	–	nessus
Tenable Nessus	Fedora 38 : manifest-tool (2023-5312f6200c)	10 Mar 202300:00	–	nessus

NVD

Node

yaml_project yamlRange<2.2.4go

[
  {
    "vendor": "gopkg.in/yaml.v2",
    "product": "gopkg.in/yaml.v2",
    "collectionURL": "https://pkg.go.dev",
    "packageName": "gopkg.in/yaml.v2",
    "versions": [
      {
        "version": "0",
        "lessThan": "2.2.4",
        "status": "affected",
        "versionType": "semver"
      }
    ],
    "programRoutines": [
      {
        "name": "decoder.unmarshal"
      },
      {
        "name": "yaml_parser_increase_flow_level"
      },
      {
        "name": "yaml_parser_roll_indent"
      },
      {
        "name": "Decoder.Decode"
      },
      {
        "name": "Unmarshal"
      },
      {
        "name": "UnmarshalStrict"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

Source	Link
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/
github	www.github.com/go-yaml/yaml/releases/tag/v2.2.4
pkg	www.pkg.go.dev/vuln/GO-2022-0956
lists	www.lists.debian.org/debian-lts-announce/2023/07/msg00001.html
github	www.github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/
lists	www.lists.fedoraproject.org/archives/list/[email protected]/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/

14 Apr 2025 17:15Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.17.5

EPSS0.02229

SSVC

CWE-400