Those using Snakeyaml to parse untrusted YAML files may be vulnerable to Denial of Service attacks (DOS). If the parser is running on user supplied input, an attacker may supply content that causes the parser to crash by stack overflow. This effect may support a denial of service attack.
mta/mta Red Hat / RHEL
Fixed in: pathfinder-rhel9@sha256:8cbce6bd4bc17d78e532477bbb4d8c6d02a5f0d0a823b6a9f20c072ff66fdb26_amd64 RHSA-2023:4627 Fixed in: rhel8-operator@sha256:c33386019c431eaeac3559226353b5a50cd54c03a2975bde02f6a66427fca893_amd64 RHSA-2023:4627 Fixed in: operator-bundle@sha256:3165133f54da89d0e2b897a8069db7d17a4d956b712f84eb320c083506c24469_amd64 RHSA-2023:4627 Fixed in: hub-rhel9@sha256:5cc1613cb869bab75faa5ea2798ab5f34238192b397d3c942789b4242a8a815a_amd64 RHSA-2023:4627 Fixed in: ui-rhel9@sha256:d393b1ae0968bd8710a8e58c0e74d293c58b804fb5e6cbb9434520c888a80587_amd64 RHSA-2023:4627 mta/mta Rocky
Fixed in: operator-bundle@sha256:3165133f54da89d0e2b897a8069db7d17a4d956b712f84eb320c083506c24469_amd64 RHSA-2023:4627 Fixed in: hub-rhel9@sha256:5cc1613cb869bab75faa5ea2798ab5f34238192b397d3c942789b4242a8a815a_amd64 RHSA-2023:4627 Fixed in: pathfinder-rhel9@sha256:8cbce6bd4bc17d78e532477bbb4d8c6d02a5f0d0a823b6a9f20c072ff66fdb26_amd64 RHSA-2023:4627 Fixed in: ui-rhel9@sha256:d393b1ae0968bd8710a8e58c0e74d293c58b804fb5e6cbb9434520c888a80587_amd64 RHSA-2023:4627 Fixed in: rhel8-operator@sha256:c33386019c431eaeac3559226353b5a50cd54c03a2975bde02f6a66427fca893_amd64 RHSA-2023:4627 mta/mta-windup Rocky
Fixed in: addon-rhel9@sha256:5a6e25695fbf883d6c02cd8b933a2a482e3e18ec70e86be0db576a107ff65a84_amd64 RHSA-2023:4627 mta/mta-windup Red Hat / RHEL
Fixed in: addon-rhel9@sha256:5a6e25695fbf883d6c02cd8b933a2a482e3e18ec70e86be0db576a107ff65a84_amd64 RHSA-2023:4627 mtr/mtr Red Hat / RHEL
Fixed in: operator-bundle@sha256:c6f3757a10c0f4679b414392713da6cb36760c29c375bf615cd9e1ee23f68062_s390x RHSA-2023:3373 Fixed in: rhel8-operator@sha256:45392a5ea3e1a610edf2f0ee60a721370f763e5712aefa4d1a79001f9f6f071e_s390x RHSA-2023:3373 Fixed in: operator-bundle@sha256:90e1ab28e5bab215a770dd25e4091eacb9db3851801e54a15bf9bea9257ae117_ppc64le RHSA-2023:3373 Fixed in: rhel8-operator@sha256:a7aeac410307931305125078e51c4086df0aba23215d2a2fd25ac003abe492dc_ppc64le RHSA-2023:3373 Fixed in: operator-bundle@sha256:90794f222e3d06e5312a808475d784b9c19c5830f3095c26d1d486a2c4c65744_amd64 RHSA-2023:3373 Fixed in: operator-bundle@sha256:f6b4463befecf9a8b5741cca535214f49842f45333704f6003853f7c403c3326_arm64 RHSA-2023:3373 Fixed in: rhel8-operator@sha256:c221730b6caf70982ac608448c481fd46fd5e23618ccd409a898850df3a28fe3_arm64 RHSA-2023:3373 Fixed in: rhel8-operator@sha256:f8ab58df5b777845c0e34328ae06ee73189573b040b018dbbac9c67da4c8077e_amd64 RHSA-2023:3373 mtr/mtr Rocky
Fixed in: rhel8-operator@sha256:a7aeac410307931305125078e51c4086df0aba23215d2a2fd25ac003abe492dc_ppc64le RHSA-2023:3373 Fixed in: operator-bundle@sha256:c6f3757a10c0f4679b414392713da6cb36760c29c375bf615cd9e1ee23f68062_s390x RHSA-2023:3373 Fixed in: rhel8-operator@sha256:45392a5ea3e1a610edf2f0ee60a721370f763e5712aefa4d1a79001f9f6f071e_s390x RHSA-2023:3373 Fixed in: operator-bundle@sha256:90794f222e3d06e5312a808475d784b9c19c5830f3095c26d1d486a2c4c65744_amd64 RHSA-2023:3373 Fixed in: rhel8-operator@sha256:f8ab58df5b777845c0e34328ae06ee73189573b040b018dbbac9c67da4c8077e_amd64 RHSA-2023:3373 Fixed in: operator-bundle@sha256:f6b4463befecf9a8b5741cca535214f49842f45333704f6003853f7c403c3326_arm64 RHSA-2023:3373 Fixed in: rhel8-operator@sha256:c221730b6caf70982ac608448c481fd46fd5e23618ccd409a898850df3a28fe3_arm64 RHSA-2023:3373 Fixed in: operator-bundle@sha256:90e1ab28e5bab215a770dd25e4091eacb9db3851801e54a15bf9bea9257ae117_ppc64le RHSA-2023:3373 mtr/mtr-web Red Hat / RHEL
Fixed in: container-rhel8@sha256:01aff83b56ddcb52aa891defe2e9a68c41ef33f463fd8922c16dc0a18fcb26f3_s390x RHSA-2023:3373 Fixed in: container-rhel8@sha256:1e12bba9f5a4f819b03ad735ed7d9bef6e6fdd31cf1a7e226af202244816add3_amd64 RHSA-2023:3373 Fixed in: container-rhel8@sha256:34c77234543e286178504bbacbf543782b370adffa77e1878fcb3dd85531bacc_ppc64le RHSA-2023:3373 mtr/mtr-web Rocky
Fixed in: container-rhel8@sha256:01aff83b56ddcb52aa891defe2e9a68c41ef33f463fd8922c16dc0a18fcb26f3_s390x RHSA-2023:3373 Fixed in: container-rhel8@sha256:34c77234543e286178504bbacbf543782b370adffa77e1878fcb3dd85531bacc_ppc64le RHSA-2023:3373 Fixed in: container-rhel8@sha256:1e12bba9f5a4f819b03ad735ed7d9bef6e6fdd31cf1a7e226af202244816add3_amd64 RHSA-2023:3373 mtr/mtr-web-executor Red Hat / RHEL
Fixed in: container-rhel8@sha256:16cb9c5fde455960cf4f372d249c53794028953f2deef00b1b09b18c72527f5a_s390x RHSA-2023:3373 Fixed in: container-rhel8@sha256:aa6dccfa566506e417ffcf16288344f8c5c7f538fd92c1d53500ab47821eada7_amd64 RHSA-2023:3373 Fixed in: container-rhel8@sha256:bf6395e9f0695a261342c56b5ec33e26f841a5823cec4fb88d1fae55e983e80e_arm64 RHSA-2023:3373 Fixed in: container-rhel8@sha256:e0c34669ad4072eb8ddfb89ba88f514e315565e4d76ef8f8725326d4bc3b38dd_ppc64le RHSA-2023:3373 mtr/mtr-web-executor Rocky
Fixed in: container-rhel8@sha256:aa6dccfa566506e417ffcf16288344f8c5c7f538fd92c1d53500ab47821eada7_amd64 RHSA-2023:3373 Fixed in: container-rhel8@sha256:bf6395e9f0695a261342c56b5ec33e26f841a5823cec4fb88d1fae55e983e80e_arm64 RHSA-2023:3373 Fixed in: container-rhel8@sha256:e0c34669ad4072eb8ddfb89ba88f514e315565e4d76ef8f8725326d4bc3b38dd_ppc64le RHSA-2023:3373 Fixed in: container-rhel8@sha256:16cb9c5fde455960cf4f372d249c53794028953f2deef00b1b09b18c72527f5a_s390x RHSA-2023:3373 ocp-tools Rocky
Fixed in: 4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x RHBA-2023:3300 Fixed in: 4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64 RHBA-2023:3300 Fixed in: 4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le RHBA-2023:3300 Fixed in: 4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64 RHBA-2023:3300 ocp-tools Red Hat / RHEL
Fixed in: 4/jenkins-rhel8@sha256:1c4b554f7d5c3d00805e52f927b03c37d2fb9e9abe47090f6938ea34da94fbb9_arm64 RHBA-2023:3300 Fixed in: 4/jenkins-rhel8@sha256:270b4e3496a9f4267e28883aacfe2da2e7ac2207efb4b793261dc1d06048535c_amd64 RHBA-2023:3300 Fixed in: 4/jenkins-rhel8@sha256:679aa2d2879a987b59397d3e10f0839f20de3c91ffaf4f062b3351609c86ce9f_ppc64le RHBA-2023:3300 Fixed in: 4/jenkins-rhel8@sha256:62ff9863ea5501e790cb56171625abdb7b42e0e2fee658f03264631b76bf1800_s390x RHBA-2023:3300 ocp-tools-4/jenkins-agent Red Hat / RHEL
Fixed in: base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le RHBA-2023:3300 Fixed in: base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64 RHBA-2023:3300 Fixed in: base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x RHBA-2023:3300 Fixed in: base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64 RHBA-2023:3300 ocp-tools-4/jenkins-agent Rocky
Fixed in: base-rhel8@sha256:0313544d81f202e1945024ed9dd6e7c91d1506c00fc8e642f6d168bb7f59e27a_s390x RHBA-2023:3300 Fixed in: base-rhel8@sha256:0423ad7d75b79137b9ebc4460ee43d590344247a74940164585fce22979e1e23_amd64 RHBA-2023:3300 Fixed in: base-rhel8@sha256:936ef200431e0c833d351365113ff42e384b1080aebe84d5d913f52fb67da344_ppc64le RHBA-2023:3300 Fixed in: base-rhel8@sha256:ca7fb421a4e99ab1868e1ba7d1efca81598c940f8dbddc9ead615851325897bb_arm64 RHBA-2023:3300 rh-sso-7/sso76 Red Hat / RHEL
Fixed in: openshift-rhel8@sha256:9079e1080d36270fbd3529a221a014859042ebcc627243f015cbbdd3bdc04275_amd64 RHSA-2023:2710 Fixed in: openshift-rhel8@sha256:e7d2be6b039deff86bf9fa7c0285583f3769d4f39be9471ba9906fe8e2fb00e5_s390x RHSA-2023:2710 Fixed in: openshift-rhel8@sha256:c3e0e8203d2a7dd9e3bc729b3fd28b15558b7e6d25c3fb538687be54f0ec5568_ppc64le RHSA-2023:2710 rh-sso-7/sso76 Rocky
Fixed in: openshift-rhel8@sha256:c3e0e8203d2a7dd9e3bc729b3fd28b15558b7e6d25c3fb538687be54f0ec5568_ppc64le RHSA-2023:2710 Fixed in: openshift-rhel8@sha256:9079e1080d36270fbd3529a221a014859042ebcc627243f015cbbdd3bdc04275_amd64 RHSA-2023:2710 Fixed in: openshift-rhel8@sha256:e7d2be6b039deff86bf9fa7c0285583f3769d4f39be9471ba9906fe8e2fb00e5_s390x RHSA-2023:2710 rh-sso7-keycloak Red Hat / RHEL
rh-sso7-keycloak-server Rocky
rh-sso7-keycloak-server Red Hat / RHEL
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector Network
Attack Complexity High
Privileges Required Low
User Interaction Required
Scope Changed
Impact
Confidentiality None
Integrity None
Availability High
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:H
1.48% probability of exploitation in 30 days
71st percentile
Elevated risk: more likely to be exploited than 71% of all known CVEs.
Other CWE-121 (Stack-based Buffer Overflow) vulnerabilities, ordered by exploit likelihood. View all
Embed a live status badge for CVE-2022-41854 Markdown
[](https://tridentstack.com/cve/CVE-2022-41854)HTML
<a href="https://tridentstack.com/cve/CVE-2022-41854"><img src="https://tridentstack.com/cve/badge/CVE-2022-41854.svg" alt="CVE-2022-41854"></a>Find and fix vulnerabilities across your fleet TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start free This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.