Search CVE reports
1 – 7 of 7 results
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
libyaml, libyaml-libyaml-perl, golang-goyaml, golang-yaml.v2
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| libyaml | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | Not affected | Not affected | Not affected | Not affected |
| golang-goyaml | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
Some fixes available 3 of 33
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, webhook, singularity-container
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
Some fixes available 3 of 33
Due to unbounded alias chasing, a maliciously crafted YAML file can cause the system to consume significant system resources. If parsing user input, this may be used as a denial of service vector.
6 affected packages
golang-github-coreos-discovery-etcd-io, golang-gopkg-yaml.v3, golang-yaml.v2, kubernetes, singularity-container, webhook
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| golang-github-coreos-discovery-etcd-io | Vulnerable | Vulnerable | Vulnerable | Not in release |
| golang-gopkg-yaml.v3 | Not affected | Not affected | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Fixed | Fixed |
| kubernetes | Not affected | Not affected | Not affected | Not in release |
| singularity-container | Needs evaluation | Not in release | Not in release | Needs evaluation |
| webhook | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 6 of 14
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.
4 affected packages
snapd, golang-goyaml, golang-yaml.v2, golang-gopkg-yaml.v3
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| snapd | Fixed | Fixed | Fixed | Vulnerable |
| golang-goyaml | Not in release | Not in release | Not in release | Not in release |
| golang-yaml.v2 | Not affected | Not affected | Not affected | Not affected |
| golang-gopkg-yaml.v3 | Not affected | Needs evaluation | Not in release | Not in release |