18 matches found
CVE-2026-33320
Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...
Out-of-bounds Read
Overview: github.com/shamaton/msgpack/v2/time. Affected versions of this package are vulnerable to Out-of-bounds Read via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data that triggers an...
Out-of-bounds Read
Overview: github.com/shamaton/msgpack/v3/internal/decoding. Affected versions of this package are vulnerable to Out-of-bounds Read via the Unmarshal, UnmarshalAsMap, UnmarshalAsArray, and Marshal functions, which invoke Decode. An attacker can cause a panic with truncated fixext data tha...
PT-2024-41085 · Yaml · Yaml
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: The issue is related to a weakness in the deserialization mechanism of the YAML library in the Go programming language, specifically affecting the Unmarshal function. This weakness can be...
CentOS 7 : rhc-worker-script (RHSA-2024:1874)
The remote CentOS Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1874 advisory. - The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a...
RHEL 8 / 9 : OpenShift Container Platform 4.14.18 (RHSA-2024:1461)
The remote Red Hat Enterprise Linux 8 / 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:1461 advisory. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private clo...
CVE-2024-24786
A flaw was found in Golang's protobuf module, where the unmarshal function can enter an infinite loop when processing certain invalid inputs. This issue occurs during unmarshaling into a message that includes a google.protobuf.Any or when the UnmarshalOptions.DiscardUnknown option is enabled. Thi...
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
GO-2022-0603 Panic in gopkg.in/yaml.v3
An issue in the Unmarshal function can cause a program to panic when attempting to deserialize invalid input...
CVE-2022-28948
A flaw was found in the Unmarshal function in Go-Yaml. This vulnerability results in program crashes when attempting to convert or deserialize invalid input data, potentially impacting system stability and reliability...
Denial Of Service (DoS)
gopkg.in/yaml.v3 is vulnerable to denial of service. The vulnerability exists when deserializing input data through the unmarshal function of yaml.go, allowing an attacker to crash the application by providing invalid YAML data...
GHSA-HP87-P4GW-J4GQ gopkg.in/yaml.v3 Denial of Service
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input...
gopkg.in/yaml.v3 Denial of Service
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid input...
Input validation
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
CVE-2022-28948
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...
Unhandled exception in gopkg.in/yaml.v3
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input...