PT-2019-18079 · Libyaml+2 · Yaml-Cpp+2

Wcventure · Published 2019-01-15 · Updated 2023-04-03 · CVE-2019-6292

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

yaml-cpp (aka LibYaml-C++) version 0.6.2

Description

An issue in singledocparser.cpp causes a stack exhaustion problem due to recursive stack frames in functions like HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, and HandleNode. This could allow remote attackers to cause a denial-of-service.

Recommendations

For yaml-cpp (aka LibYaml-C++) version 0.6.2, consider disabling the recursive parsing functionality in singledocparser.cpp as a temporary workaround until a patch is available. Restrict access to the HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, and HandleNode functions to minimize the risk of exploitation.
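
The recursion pattern named in the description, as an added example (not yaml-cpp code and not the project's fix): a small recursive-descent parser for nested flow sequences whose handler refuses input past a configured depth instead of recursing until the stack is exhausted. FlowSeqParser, DepthExceeded and max_depth are hypothetical names; the Handle* method names only mirror those in the description.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Added illustration, not yaml-cpp code. Parses nested flow sequences such as
// "[a, [b, [c]]]" (plain scalars only, no quoting) with a bounded call depth.
struct DepthExceeded : std::runtime_error {
    DepthExceeded() : std::runtime_error("nesting depth limit exceeded") {}
};

class FlowSeqParser {
public:
    FlowSeqParser(const std::string& text, std::size_t max_depth)
        : text_(text), max_depth_(max_depth) {}

    // Returns the deepest nesting seen. Throws on malformed input or when the
    // limit is hit, so hostile nesting costs at most max_depth stack frames.
    std::size_t Parse() {
        pos_ = 0; deepest_ = 0;
        HandleNode(0);
        SkipSpaces();
        if (pos_ != text_.size()) throw std::runtime_error("trailing input");
        return deepest_;
    }

private:
    bool More() const { return pos_ < text_.size(); }
    void SkipSpaces() { while (More() && text_[pos_] == ' ') ++pos_; }

    void HandleNode(std::size_t depth) {
        SkipSpaces();
        if (More() && text_[pos_] == '[') { HandleFlowSequence(depth + 1); return; }
        while (More() && text_[pos_] != ',' && text_[pos_] != ']') ++pos_;  // scalar
    }

    void HandleFlowSequence(std::size_t depth) {
        if (depth > max_depth_) throw DepthExceeded();  // check an unbounded parser lacks
        if (depth > deepest_) deepest_ = depth;
        ++pos_;  // consume '['
        for (;;) {
            SkipSpaces();
            if (!More()) throw std::runtime_error("unterminated sequence");
            if (text_[pos_] == ']') { ++pos_; return; }
            HandleNode(depth);  // mutual recursion: one frame pair per nesting level
            SkipSpaces();
            if (More() && text_[pos_] == ',') ++pos_;
        }
    }

    std::string text_;
    std::size_t max_depth_, pos_ = 0, deepest_ = 0;
};
```

Without the depth check, each additional `[` in the input adds another HandleNode/HandleFlowSequence frame pair, so stack use is decided by whoever supplies the document.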

Exploit

Fix

DoS

Uncontrolled Recursion

Weakness Enumeration

Related Identifiers

ALT-PU-2020-1758
AZL-7009
CVE-2019-6292
OPENSUSE-SU-2022:1073-1
OPENSUSE-SU-2022_1073-1
SUSE-SU-2022:1072-1
SUSE-SU-2022:1073-1
SUSE-SU-2022:1073-2
SUSE-SU-2023:1740-3

Affected Products

Alt Linux
Suse
Yaml-Cpp