CVE-2022-38752
Denial of Service vulnerability in snakeyaml (Maven)
What is CVE-2022-38752 About?
This vulnerability allows for Denial of Service attacks when using SnakeYAML to parse untrusted YAML files. Attackers can provide specially crafted input that causes the parser to crash via stack overflow, making the service unavailable. While the input required can be complex, the impact can be significant in systems processing external YAML.
Affected Software
Technical Details
The vulnerability occurs when SnakeYAML is used to parse untrusted YAML files. An attacker can craft a malicious YAML document designed to induce a stack overflow condition within the parser. This is typically achieved by specifying deeply nested structures or recursive references in the YAML data. When the parser attempts to process these malformed structures, it consumes excessive stack memory, eventually leading to a stack overflow and causing the application or service utilizing SnakeYAML to crash, resulting in a Denial of Service. The attack vector is the user-supplied YAML input.
What is the Impact of CVE-2022-38752?
Successful exploitation may allow attackers to disrupt service availability, causing applications or systems to crash and cease functioning.
What is the Exploitability of CVE-2022-38752?
Exploitation of this vulnerability requires the ability to provide untrusted YAML input to an application using SnakeYAML. The complexity of crafting the malicious YAML file can range from moderate to high, depending on the parser's specific configurations and the vulnerability's exact nature. There are no explicit authentication or privilege requirements to trigger the denial of service, only the ability to submit YAML data that the target system will process. This can be either a remote or local attack, depending on how user-supplied YAML is handled. The primary condition is that the application must be configured to parse external YAML input using SnakeYAML. Risk factors increase significantly in applications that publicly expose endpoints accepting arbitrary YAML payloads.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| No known exploits | | |
What are the Available Fixes for CVE-2022-38752?
About the Fix from Resolved Security
Available Upgrade Options
- org.yaml:snakeyaml
- <1.32 → Upgrade to 1.32
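The technical details above describe parser recursion running unbounded on deeply nested input, and the fix is to move to SnakeYAML 1.32. As an added illustration, not code from the page or from the SnakeYAML project, the following loader shows the defensive configuration that version makes available: it assumes SnakeYAML 1.32 or later, where `LoaderOptions.setNestingDepthLimit(int)` exists (introduced for this issue, default 50), together with the earlier `setCodePointLimit` and `setAllowRecursiveKeys` options and the `Yaml(BaseConstructor, Representer, DumperOptions, LoaderOptions)` constructor. The class name `BoundedYamlLoader`, the limits chosen and the sample documents are constructed for the example.

```java
import org.yaml.snakeyaml.DumperOptions;
import org.yaml.snakeyaml.LoaderOptions;
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;
import org.yaml.snakeyaml.representer.Representer;

/**
 * Loads untrusted YAML with explicit resource bounds (constructed example,
 * assumes SnakeYAML >= 1.32 where setNestingDepthLimit is available).
 */
public class BoundedYamlLoader {
    // Assumed values: tune to what the application's documents legitimately need.
    static final int MAX_NESTING_DEPTH = 50;                 // SnakeYAML 1.32 default
    static final int MAX_DOCUMENT_CODE_POINTS = 1024 * 1024; // 1 MiB of input

    private final Yaml yaml;

    public BoundedYamlLoader() {
        LoaderOptions opts = new LoaderOptions();
        opts.setNestingDepthLimit(MAX_NESTING_DEPTH);     // bounds parser recursion (the CVE-2022-38752 fix)
        opts.setCodePointLimit(MAX_DOCUMENT_CODE_POINTS); // bounds total input size
        opts.setAllowRecursiveKeys(false);                // rejects recursive mapping keys
        // SafeConstructor: only standard YAML tags, no arbitrary Java type instantiation.
        this.yaml = new Yaml(new SafeConstructor(), new Representer(), new DumperOptions(), opts);
    }

    /** Returns the parsed document; throws YAMLException when a configured limit is exceeded. */
    public Object load(String untrustedYaml) {
        return yaml.load(untrustedYaml);
    }

    public static void main(String[] args) {
        BoundedYamlLoader loader = new BoundedYamlLoader();

        // A normal document is parsed as before.
        System.out.println("ok: " + loader.load("service: api\nreplicas: 3\n"));

        // Constructed check: a flow sequence nested one level past the limit
        // should be rejected by the parser with an exception rather than
        // exhausting the thread stack.
        StringBuilder deep = new StringBuilder();
        for (int i = 0; i <= MAX_NESTING_DEPTH; i++) deep.append('[');
        for (int i = 0; i <= MAX_NESTING_DEPTH; i++) deep.append(']');
        try {
            loader.load(deep.toString());
            System.out.println("unexpected: over-limit document accepted");
        } catch (YAMLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The nesting limit is enforced while the node graph is composed, so an over-limit document fails with a catchable `YAMLException` instead of a `StackOverflowError`. The remaining two options are not part of this CVE but belong in the same configuration for any endpoint that accepts external YAML: the code point limit caps memory spent on oversized documents, and `SafeConstructor` keeps the loader from instantiating arbitrary classes named by tags in the input.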
Additional Resources
- https://security.gentoo.org/glsa/202305-28
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081
- https://security.netapp.com/advisory/ntap-20240315-0009/
- https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
- https://nvd.nist.gov/vuln/detail/CVE-2022-38752
- https://osv.dev/vulnerability/GHSA-9w3m-gqgf-c4p9
- https://bitbucket.org/snakeyaml/snakeyaml
What are Similar Vulnerabilities to CVE-2022-38752?
Similar Vulnerabilities: CVE-2023-45588, CVE-2023-32001, CVE-2023-29471, CVE-2023-27329, CVE-2023-36665
