Symfony's YAML Parser Vulnerable to Exponential Memory Allocation via Recursive Collection-Alias Expansion ("Billion Laughs")

Description Symfony\Component\Yaml\Parser resolves YAML aliases anchor during parsing. Aliases that reference collections arrays, stdClass, TaggedValue-wrapped collections can themselves point to other collections containing aliases, creating exponential expansion at resolution time. A small inpu...

CVE-2026-33320

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...

CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...

CVE-2026-33320 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Dasel is a command-line tool and library for querying, modifying, and transforming data structures. Starting in version 3.0.0 and prior to version 3.3.1, Dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the...

GO-2026-4768 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service in github.com/tomwright/dasel...

Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

GHSA-4FCP-JXH7-23X8 Dasel has unbounded YAML alias expansion in dasel leads to CPU/memory denial of service

Summary dasel's YAML reader allows an attacker who can supply YAML for processing to trigger extreme CPU and memory consumption. The issue is in the library's own UnmarshalYAML implementation, which manually resolves alias nodes by recursively following yaml.Node.Alias pointers without any...

PT-2026-26480

Name of the Vulnerable Software and Affected Versions Dasel versions 3.0.0 through 3.3.1 Description Dasel’s YAML reader is susceptible to excessive CPU and memory consumption when processing YAML data supplied by an attacker. This occurs because the library’s UnmarshalYAML implementation...

CVE-2026-27807

MarkUs (web app for assignment submission/grading) is affected by CVE-2026-27807 due to YAML files parsed with aliases enabled, enabling a billion‑laughs style DoS. The issue affects configurations uploaded prior to v2.9.4, where YAML parsing could be abused to exhaust resources. The CVSS vector ...

EUVD-2003-1352

Malware in sbrugna...

PT-2023-30338 · Remarshal · Remarshal

Name of the Vulnerable Software and Affected Versions: Remarshal versions prior to 0.17.1 Description: The issue allows for the expansion of YAML alias nodes unlimitedly, making Remarshal susceptible to a Billion Laughs Attack. This can lead to a denial-of-service DoS condition when processing...

SUSE CVE-2007-2683

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...

snakeyaml: Billion laughs attack via alias feature

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

snakeyaml: Billion laughs attack via alias feature

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

DEBIAN-CVE-2017-18640

The Alias feature in SnakeYAML before 1.26 allows entity expansion during a load operation, a related issue to CVE-2003-1564...

Fedora 7 : mutt-1.5.14-4.fc7 (2007-0002)

This update fixes two security issues : The APOP protocol allows remote attackers to guess the first 3 characters of a password via man-in-the-middle MITM attacks that use crafted message IDs and MD5 collisions. CVE-2007-1558 Buffer overflow in Mutt 1.4.2 might allow local users to execute...

Buffer overflow in mutt's gecos structure handling

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...

DEBIAN-CVE-2007-2683

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...

CVE-2007-2683

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...

CVE-2007-2683

Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion...