High severityNVD Advisory· Published May 19, 2022· Updated Aug 3, 2024
CVE-2022-28948
CVE-2022-28948
Description
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gopkg.in/yaml.v3Go | < 3.0.1 | 3.0.1 |
Affected products
67- Go-Yaml/Go-Yamldescription
- osv-coords66 versionspkg:apk/chainguard/dynamic-localpv-provisionerpkg:apk/chainguard/dynamic-localpv-provisioner-fipspkg:apk/chainguard/eks-distro-coredns-1.8pkg:apk/chainguard/kubeflowpkg:apk/chainguard/kubeflow-access-managementpkg:apk/chainguard/kubeflow-access-management-compatpkg:apk/chainguard/kubeflow-access-management-fipspkg:apk/chainguard/kubeflow-access-management-fips-compatpkg:apk/chainguard/kubeflow-admission-webhookpkg:apk/chainguard/kubeflow-admission-webhook-compatpkg:apk/chainguard/kubeflow-admission-webhook-fipspkg:apk/chainguard/kubeflow-admission-webhook-fips-compatpkg:apk/chainguard/kubeflow-fipspkg:apk/chainguard/kubeflow-notebook-controllerpkg:apk/chainguard/kubeflow-notebook-controller-compatpkg:apk/chainguard/kubeflow-notebook-controller-fipspkg:apk/chainguard/kubeflow-notebook-controller-fips-compatpkg:apk/chainguard/kubeflow-profile-controllerpkg:apk/chainguard/kubeflow-profile-controller-compatpkg:apk/chainguard/kubeflow-profile-controller-fipspkg:apk/chainguard/kubeflow-profile-controller-fips-compatpkg:apk/chainguard/kubeflow-pvcviewer-controllerpkg:apk/chainguard/kubeflow-pvcviewer-controller-compatpkg:apk/chainguard/kubeflow-pvcviewer-controller-fipspkg:apk/chainguard/kubeflow-pvcviewer-controller-fips-compatpkg:apk/chainguard/kubeflow-tensorboard-controllerpkg:apk/chainguard/kubeflow-tensorboard-controller-compatpkg:apk/chainguard/kubeflow-tensorboard-controller-fipspkg:apk/chainguard/kubeflow-tensorboard-controller-fips-compatpkg:apk/chainguard/kubernetes-csi-external-snapshotter-6.0pkg:apk/chainguard/kube-state-metrics-2.2.0pkg:apk/chainguard/nfs-subdir-external-provisionerpkg:apk/chainguard/nfs-subdir-external-provisioner-fipspkg:apk/chainguard/thanos-operatorpkg:apk/chainguard/thanos-operator-compatpkg:apk/chainguard/thanos-operator-fipspkg:apk/chainguard/thanos-operator-fips-compatpkg:apk/wolfi/dynamic-localpv-provisionerpkg:apk/wolfi/kubeflowpkg:apk/wolfi/kubeflow-access-managementpkg:apk/wolfi/kubeflow-access-management-compatpkg:apk/wolfi/kubeflow-admission-webhookpkg:apk/wolfi/kubeflow-admission-webhook-compatpkg:apk/wolfi/kubeflow-notebook-controllerpkg:apk/wolfi/kubeflow-notebook-controller-compatpkg:apk/wolfi/kubeflow-profile-controllerpkg:apk/wolfi/kubeflow-profile-controller-compatpkg:apk/wolfi/kubeflow-pvcviewer-controllerpkg:apk/wolfi/kubeflow-pvcviewer-controller-compatpkg:apk/wolfi/kubeflow-tensorboard-controllerpkg:apk/wolfi/kubeflow-tensorboard-controller-compatpkg:apk/wolfi/nfs-subdir-external-provisionerpkg:apk/wolfi/thanos-operatorpkg:apk/wolfi/thanos-operator-compatpkg:golang/gopkg.in/yaml.v3pkg:rpm/opensuse/coredns&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/coredns&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/ignition&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/traefik2&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/traefik&distro=openSUSE%20Tumbleweedpkg:rpm/suse/coredns&distro=SUSE%20Package%20Hub%2015%20SP6pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP6pkg:rpm/suse/ignition&distro=SUSE%20Linux%20Enterprise%20Module%20for%20HPC%2015%20SP7
< 3.4.1-r3+ 65 more
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 3.5.0-r0
- (no CPE)range: < 1.8.7-r5
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 1.10.0-r2
- (no CPE)range: < 6.0.1-r7
- (no CPE)range: < 2.2.0-r2
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.3.7-r33
- (no CPE)range: < 0.3.7-r33
- (no CPE)range: < 0.3.7-r33
- (no CPE)range: < 0.3.7-r33
- (no CPE)range: < 3.4.1-r3
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0.3.7-r33
- (no CPE)range: < 0.3.7-r33
- (no CPE)range: < 3.0.1
- (no CPE)range: < 1.11.3-bp156.4.3.1
- (no CPE)range: < 1.10.0-1.1
- (no CPE)range: < 2.14.0-150400.9.12.1
- (no CPE)range: < 2.11.29-1.1
- (no CPE)range: < 3.5.1-1.1
- (no CPE)range: < 1.11.3-bp156.4.3.1
- (no CPE)range: < 2.14.0-150300.4.16.1
- (no CPE)range: < 2.14.0-150300.6.16.1
- (no CPE)range: < 2.14.0-150400.4.12.1
- (no CPE)range: < 2.14.0-150400.9.12.1
- (no CPE)range: < 2.14.0-150400.9.12.1
Patches
Vulnerability mechanics
References
8- github.com/advisories/GHSA-hp87-p4gw-j4gqghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2022-28948ghsaADVISORY
- github.com/go-yaml/yaml/commit/8f96da9f5d5eff988554c1aae1784627c4bf6754ghsaWEB
- github.com/go-yaml/yaml/commit/f6f7691b1fdeb513f56608cd2c32c51f8194bf51ghsaWEB
- github.com/go-yaml/yaml/issues/665ghsaWEB
- github.com/go-yaml/yaml/issues/666ghsax_refsource_MISCWEB
- security.netapp.com/advisory/ntap-20220923-0006ghsaWEB
- security.netapp.com/advisory/ntap-20220923-0006/mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.