CVE-2018-20574

CVE-2018-20574 affects yaml-cpp (LibYaml-C++) 0.6.2, where the function SingleDocParser::HandleFlowMap can be abused by a crafted YAML file to trigger denial of service (stack consumption and application crash). Public documents corroborate this by listing CVE-2018-20574 in SUSE/openSUSE advisori...

CVE-2018-20573

CVE-2018-20573 affects yaml-cpp (LibYaml-C++) 0.6.2. The vulnerability, in Scanner::EnsureTokensInQueue, allows remote attackers to cause denial of service via a crafted YAML file, consuming stack resources and crashing the application. Connected advisories indicate patches/revisions exist (e.g.,...

CVE-2019-6285

CVE-2019-6285 affects yaml-cpp (LibYaml-C++) 0.6.2. The vulnerability exists in SingleDocParser::HandleFlowSequence and can cause denial of service via crafted YAML input (stack consumption and application crash). Multiple advisories from SUSE-Linux and Nessus corroborate this issue within yaml-c...

CVE-2019-6292

The CVE-2019-6292 issue is a stack exhaustion vulnerability in yaml-cpp (LibYaml-C++) 0.6.2. It occurs in YAML::SingleDocParser due to recursive stack frames in HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, and HandleNode, enabling a remote attacker to trigger a denial-of-servi...

CVE-2017-5950

yaml-cpp (LibYaml-C++) vulnerability CVE-2017-5950 stems from SingleDocParser::HandleNode and affects 0.5.x series (e.g., 0.5.3). A crafted YAML file can cause stack consumption and application crash (DoS). Remediation per connected advisories: rebuild/upgrade to yaml-cpp 0.6.0 or newer (Fedora 2...

CVE-2017-11692

yaml-cpp vulnerability (CVE-2017-11692) affects version 0.5.3 and earlier. The issue is in Token& Scanner::peek in scanner.cpp, where processing a crafted string like '!2' can trigger a remote denial of service via an assertion failure and application exit. Multiple connected advisories corrobora...