13 matches found
GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service
Summary: dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...
go-yaml: Denial of Service in go-yaml
A flaw was found in go-yaml. This issue occurs due to unbounded alias chasing, where a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
Denial Of Service (DoS)
github.com/go-yaml/yaml is vulnerable to denial of service. The vulnerability exists in multiple functions of decode.go due to unbounded alias chasing which allows an attacker to cause an application crash via malicious input...
GHSA-R88R-GMRH-7J83 YAML Go package vulnerable to denial of service
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
AZL-45237 CVE-2021-4235 affecting package podman for versions less than 5.6.1-2
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
CVE-2021-4235
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
AZL-43447 CVE-2021-4235 affecting package delve 1.5.0-20
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
AZL-43918 CVE-2021-4235 affecting package buildah 1.18.0-29
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
AZL-45360 CVE-2021-4235 affecting package buildah for versions less than 1.41.4-2
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
CVE-2021-4235 Denial of service in gopkg.in/yaml.v2
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
CVE-2021-4235 Denial of service in gopkg.in/yaml.v2
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
GO-2021-0061 Denial of service in gopkg.in/yaml.v2
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector...
PT-2021-23588 · Linux Mint +1 · Linuxmint +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue is related to unbounded alias chasing in YAML files. A maliciously crafted YAML file can cause the system to consume significant system...