{"id":"CVE-2022-28948","details":"An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input.","aliases":["GHSA-hp87-p4gw-j4gq","GO-2022-0603"],"modified":"2026-03-13T05:45:11.427772Z","published":"2022-05-19T20:15:10.567Z","related":["CGA-c83p-wfx4-qxwj","SUSE-SU-2025:02998-1","SUSE-SU-2025:02999-1","SUSE-SU-2025:03000-1","SUSE-SU-2025:03001-1","openSUSE-SU-2024:0319-1","openSUSE-SU-2024:12490-1","openSUSE-SU-2025:15510-1","openSUSE-SU-2025:15529-1"],"references":[{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220923-0006/"},{"type":"FIX","url":"https://github.com/go-yaml/yaml/issues/666"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/go-yaml/yaml","events":[{"introduced":"0"},{"last_affected":"00bbc0947ae889b9e480044dbc3bc3e3216a6a89"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.0.0"}]}}],"versions":["v2.0.0","v2.1.0","v2.1.1","v2.2.0","v2.2.1","v3.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-28948.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}