High severity7.5NVD Advisory· Published Dec 27, 2022· Updated Jun 17, 2026
CVE-2022-3064
CVE-2022-3064
Description
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gopkg.in/yaml.v2Go | < 2.2.4 | 2.2.4 |
Affected products
42- osv-coords41 versionspkg:apk/chainguard/k3dpkg:apk/chainguard/k3d-proxypkg:apk/chainguard/k3d-toolspkg:apk/wolfi/k3dpkg:apk/wolfi/k3d-proxypkg:apk/wolfi/k3d-toolspkg:golang/gopkg.in/yaml.v2pkg:rpm/almalinux/aardvark-dnspkg:rpm/almalinux/buildahpkg:rpm/almalinux/buildah-testspkg:rpm/almalinux/cockpit-podmanpkg:rpm/almalinux/conmonpkg:rpm/almalinux/containernetworking-pluginspkg:rpm/almalinux/containers-commonpkg:rpm/almalinux/container-selinuxpkg:rpm/almalinux/critpkg:rpm/almalinux/criupkg:rpm/almalinux/criu-develpkg:rpm/almalinux/criu-libspkg:rpm/almalinux/crunpkg:rpm/almalinux/fuse-overlayfspkg:rpm/almalinux/libslirppkg:rpm/almalinux/libslirp-develpkg:rpm/almalinux/netavarkpkg:rpm/almalinux/oci-seccomp-bpf-hookpkg:rpm/almalinux/podmanpkg:rpm/almalinux/podman-catatonitpkg:rpm/almalinux/podman-dockerpkg:rpm/almalinux/podman-gvproxypkg:rpm/almalinux/podman-pluginspkg:rpm/almalinux/podman-remotepkg:rpm/almalinux/podman-testspkg:rpm/almalinux/python3-criupkg:rpm/almalinux/python3-podmanpkg:rpm/almalinux/runcpkg:rpm/almalinux/skopeopkg:rpm/almalinux/skopeo-testspkg:rpm/almalinux/slirp4netnspkg:rpm/almalinux/toolboxpkg:rpm/almalinux/toolbox-testspkg:rpm/almalinux/udica
< 5.6.0-r11+ 40 more
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 5.6.0-r11
- (no CPE)range: < 2.2.4
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.24.6-7.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.24.6-7.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 46-1.module_el8.7.0+3344+5bcd850f
- (no CPE)range: < 2:2.1.4-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.1.1-5.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:2.205.0-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 3.15-3.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 1.8.3-1.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.9-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 4.4.0-1.module_el8.6.0+2877+8e437bf5
- (no CPE)range: < 4.4.0-1.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 2:1.0.1-38.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.2.5-2.module_el8.8.0+3468+16b86c82
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:4.0.2-24.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 3.15-3.module_el8.6.0+3137+d33c3efb
- (no CPE)range: < 4.0.0-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1:1.1.5-2.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1.6.2-8.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 2:1.6.2-8.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 1.1.8-3.module_el8.9.0+3627+db8ec155
- (no CPE)range: < 0.0.99.4-6.el9_3
- (no CPE)range: < 0.0.99.4-6.el9_3
- (no CPE)range: < 0.2.6-4.module_el8.9.0+3627+db8ec155
- Range: 0
Patches
Vulnerability mechanics
References
18- github.com/go-yaml/yaml/commit/f221b8435cfb71e54062f6c6e99e9ade30b124d5nvdPatchThird Party AdvisoryWEB
- pkg.go.dev/vuln/GO-2022-0956nvdPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-6q6q-88xp-6f2rghsaADVISORY
- github.com/go-yaml/yaml/releases/tag/v2.2.4nvdRelease NotesThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2022-3064ghsaADVISORY
- lists.debian.org/debian-lts-announce/2023/07/msg00001.htmlnvdWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SPghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHGghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHCghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMTghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFEghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAIghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4SBIUECMLNC572P23DDOKJNKPJVX26SP/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ANIOPUXWIHVRA6CEWXCGOMX3YYS6KFHG/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LYZOKMMVX4SIEHPJW3SJUQGMO5YZCPHC/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PW3XC47AUW5J5M2ULJX7WCCL3B2ETLMT/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XNF4OLYZRQE75EB5TW5N42FSXHBXGWFE/nvd
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZTE4ITXXPIWZEQ4HYQCB6N6GZIMWXDAI/nvd
News mentions
0No linked articles in our index yet.