blob: f6065106f426468fac0429128f5d3493b54b2cd0 [file] [log] [blame]
module: gopkg.in/yaml.v2
additional_packages:
- module: github.com/go-yaml/yaml
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
versions:
- fixed: v2.2.8
description: |
Due to unbounded aliasing, a crafted YAML file can cause consumption
of significant system resources. If parsing user supplied input, this
may be used as a denial of service vector.
cves:
- CVE-2019-11254
symbols:
- yaml_parser_fetch_more_tokens
derived_symbols:
- Decoder.Decode
- Unmarshal
- UnmarshalStrict
links:
pr: https://github.com/go-yaml/yaml/pull/555
commit: https://github.com/go-yaml/yaml/commit/53403b58ad1b561927d19068c655246f2db79d48
context:
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18496