Bugzilla – Bug 1199772
VUL-0: CVE-2022-28948: rook: An issue during unmarshaling in Go-Yaml v3 can lead to DoS via invalid input
Last modified: 2022-08-12 14:03:46 UTC
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash
when attempting to deserialize invalid input.
rook embeds go-yaml.v3 in the following codestreams:
On SUSE:SLE-15-SP1:Update:Products:SES6:Update and openSUSE:Backports:SLE-15-SP3 only yaml.v2 is embedded, which does not seem to be affected.