CVE-2022-38751
Denial of Service vulnerability in snakeyaml (Maven)
What is CVE-2022-38751 About?
This vulnerability allows for a Denial of Service (DoS) attack in applications using SnakeYAML to parse untrusted YAML files. Attackers can supply specially crafted YAML content that causes a stack overflow, leading to application crashes. Exploitation is relatively easy if user input is directly processed by the parser.
Affected Software
Technical Details
The vulnerability in SnakeYAML occurs when parsing untrusted YAML files that contain deeply nested or recursive structures. An attacker can craft a YAML document with excessive nesting, which, when processed by the SnakeYAML parser, will lead to an extremely deep call stack during deserialization. This excessive recursion exhausts the process's stack memory, resulting in a stack overflow error and consequently, a Denial of Service (DoS) condition where the application crashes. The attack vector involves providing malicious YAML input to an application that uses SnakeYAML to process user-supplied data without proper input validation or depth limitations.
What is the Impact of CVE-2022-38751?
Successful exploitation may allow attackers to crash the application, leading to a denial of service for legitimate users.
What is the Exploitability of CVE-2022-38751?
Exploitation is relatively straightforward with low complexity, primarily requiring the ability to supply untrusted YAML files or input to an application using SnakeYAML. No specific authentication is required if the YAML processing endpoint is publicly accessible. Privilege requirements are minimal, as any user capable of submitting input to the YAML parser can trigger the vulnerability. It typically involves remote access via a web interface or API that accepts YAML. The likelihood of exploitation is high if the application processes arbitrary user-supplied YAML without sufficient depth validation, as the malicious input is easily crafted.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-38751?
About the Fix from Resolved Security
Available Upgrade Options
- org.yaml:snakeyaml
- <1.31 → Upgrade to 1.31
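The defender-side mitigation described in the technical details above (bounding nesting depth so the parser rejects a deeply nested document instead of recursing until the stack is exhausted) can be expressed in a few lines of configuration. The following is an added example, not code from SnakeYAML or from this advisory. It assumes SnakeYAML 2.x, where `LoaderOptions.setNestingDepthLimit` and the `SafeConstructor(LoaderOptions)` constructor are available (the depth limit itself was introduced with the 1.31 fix release listed above, an assumption based on the library's changelog). The sample document is constructed here; the depth limit of 20 is an arbitrary choice for illustration.

```java
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class DepthLimitedYaml {

    // Constructed sample input: `depth` levels of nested flow sequences
    // around a single scalar, e.g. "[[[x]]]" for depth 3.
    static String nestedSample(int depth) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < depth; i++) {
            sb.append('[');
        }
        sb.append('x');
        for (int i = 0; i < depth; i++) {
            sb.append(']');
        }
        return sb.toString();
    }

    // Build a loader for untrusted input: SafeConstructor restricts
    // deserialization to plain YAML types, and the nesting depth limit
    // makes the composer fail fast on excessively nested documents.
    static Yaml boundedLoader(int maxDepth) {
        LoaderOptions opts = new LoaderOptions();
        opts.setNestingDepthLimit(maxDepth);   // assumption: available since 1.31
        opts.setAllowDuplicateKeys(false);
        return new Yaml(new SafeConstructor(opts));
    }

    // Returns true if the document parsed, false if the parser rejected it.
    static boolean tryLoad(Yaml yaml, String document) {
        try {
            yaml.load(document);
            return true;
        } catch (YAMLException e) {
            // The depth limit surfaces as a YAMLException (or a subclass),
            // which an application can log and map to a 4xx response.
            System.out.println("rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) {
        Yaml yaml = boundedLoader(20);
        System.out.println("depth 5 accepted:   " + tryLoad(yaml, nestedSample(5)));
        System.out.println("depth 200 accepted: " + tryLoad(yaml, nestedSample(200)));
    }
}
```

The key point is that the limit is enforced during composition, before any deep recursion happens, so the cost of a hostile document is bounded by the limit rather than by the size of the input. Upgrading to the fixed version supplies a default limit; setting it explicitly to a value that matches the documents your application legitimately expects keeps the margin small.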
Additional Resources
- https://nvd.nist.gov/vuln/detail/CVE-2022-38751
- https://security.netapp.com/advisory/ntap-20240315-0010
- https://security.gentoo.org/glsa/202305-28
- https://bitbucket.org/snakeyaml/snakeyaml/src/master/src/test/java/org/yaml/snakeyaml/issues/issue530/Fuzzy47039Test.java
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039
- https://osv.dev/vulnerability/GHSA-98wm-3w3q-mw94
- https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
- https://security.netapp.com/advisory/ntap-20240315-0010/
- https://lists.debian.org/debian-lts-announce/2022/10/msg00001.html
What are Similar Vulnerabilities to CVE-2022-38751?
Similar Vulnerabilities: CVE-2018-1000873, CVE-2017-18640, CVE-2017-15095, CVE-2020-13959, CVE-2019-14070
