
CVE-2022-38751: snakeYAML before 1.31 vulnerable to Denial of Service due to Out-of-bounds Write

CVSS Score (v3.1)
6.5

Basic Information

EPSS Score
0.39431%
Published
9/6/2022
Updated
3/15/2024
KEV Status
No
Technology
Java

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Package Name
org.yaml:snakeyaml
Ecosystem
maven
Vulnerable Versions
< 1.31
First Patched Version
1.31

Vulnerability Intelligence

Root Cause Analysis (Miggo AI)

The vulnerability manifests in regex processing during YAML parsing. Key evidence comes from:

  1. The test case Fuzzy47039Test.java, which shows a stack overflow in regex processing
  2. The CWE-121/787 mapping, which points to uncontrolled recursion in the parsing logic
  3. The patch's focus on adding length checks before regex operations

ScannerImpl.scanTag() is the primary suspect, as it handles tag parsing (for example '!!str'), which is where malicious tags would be processed. Resolver.resolve() is a secondary vector, since type detection relies on regex patterns. Both would appear in stack traces when malicious YAML content is processed during exploitation.


WAF Protection Rules

WAF Rule

Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stackoverflow.
