CVE-2017-5950 in yaml-cpp

Summary

by MITRE

The SingleDocParser::HandleNode function in yaml-cpp (aka LibYaml-C++) 0.5.3 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.

Once again VulDB remains the best source for vulnerability data.

Analysis

by VulDB Data Team • 11/04/2025

The vulnerability identified as CVE-2017-5950 resides in the yaml-cpp library, specifically in the SingleDocParser::HandleNode function of version 0.5.3. Despite the "stack" in its description, this is not a stack-based buffer overflow: no buffer is overrun and no data is written out of bounds. It is stack exhaustion caused by uncontrolled recursion. The parser recurses once per nesting level of the document without any bound on that depth, so a crafted YAML file with enough nested collections drives the call stack past its limit and the process crashes. Because yaml-cpp is a common choice for reading YAML configuration and data in C++ projects, any program that hands untrusted YAML to the library inherits the problem.

The technical flaw manifests when SingleDocParser::HandleNode processes YAML content containing deeply nested structures. HandleNode dispatches each collection it meets to the sequence or map handler, which in turn calls HandleNode for every child, so each level of nesting adds a set of stack frames and the stack usage grows linearly with the document's depth. There is no depth counter and no check against a maximum, so a file that nests collections a few tens of thousands of levels deep (a few kilobytes of "[" characters in flow style is enough) exhausts the stack. A stack overflow is not a C++ exception; it terminates the process with a segmentation fault that the caller cannot catch. The correct weakness classification is uncontrolled recursion (CWE-674), a form of uncontrolled resource consumption (CWE-400); the identifiers sometimes attached to this entry, CWE-129 (Improper Validation of Array Index) and CWE-772 (Missing Release of Resource after Effective Lifetime), describe different weaknesses and do not match this behaviour. The flaw sits in the parsing layer, so it is reachable from any application that uses yaml-cpp to process user-provided or otherwise untrusted YAML.

The operational impact is loss of availability. When the stack overflows, the process consuming the vulnerable library terminates abruptly, and anything it was doing at the time (a half-written configuration, an open transaction, an in-flight request) is lost unless the surrounding system is designed to recover from an unexpected exit. Any system that relies on yaml-cpp for YAML processing is affected, including configuration management tools, web services and automated deployment pipelines that parse YAML files. The attack surface is whatever path delivers a YAML document to the parser: file uploads, configuration files fetched from a repository or a remote endpoint, messages in an integration workflow. Exploitation requires no privileges and no interaction beyond getting the file parsed, and the malicious input is trivial to produce: a long run of opening brackets followed by the matching closing brackets.

Mitigation for CVE-2017-5950 starts with upgrading yaml-cpp to a release in which the parser enforces a maximum recursion depth and rejects deeper documents with a ParserException instead of recursing until the stack is gone; check the project's changelog for the release that introduced the limit, and note that the 0.5.x line does not have one. Where an upgrade is not immediately possible, applications can reject over-nested input before it reaches the library by scanning the document for its maximum bracket or indentation depth, which costs one linear pass and needs no parser. Parsing untrusted YAML in a separate process (or a thread with a known stack size) also contains the damage, since a crash there does not take the main service down; a timeout does not help against this bug, because the overflow happens within milliseconds of the parser starting. The remediation should include regression testing with both valid and deliberately over-nested documents, and dependency analysis to find every binary that statically or dynamically links a vulnerable yaml-cpp, since the library is frequently vendored rather than installed system-wide. This vulnerability illustrates why recursive-descent parsers must bound their recursion depth, and it maps to ATT&CK technique T1499.004, Endpoint Denial of Service: Application or System Exploitation, which covers crashing a service by feeding it crafted input.
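The following is an added example written for this page; it is not yaml-cpp's code and not the project's fix. It reproduces the recursion shape described above (one parse call per nesting level, as in SingleDocParser::HandleNode calling into a collection handler that calls HandleNode again) for YAML flow sequences only, and shows the two mitigations from the paragraph above: an RAII depth guard inside the parser, and a bracket-depth pre-check that an application can run before calling any parser. kMaxDepth, DepthGuard, parseDocument, maxBracketDepth and nestedSequences are names and limits chosen here for illustration; the over-nested input is constructed by the example.

```cpp
// Added example, not yaml-cpp's own code. Minimal recursive-descent parser for
// YAML flow sequences such as "[a, [b, [c]]]" with the same call shape as
// SingleDocParser::HandleNode: one stack frame per nesting level.
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <string>

constexpr std::size_t kMaxDepth = 64;   // assumed limit chosen for this example

// RAII guard: counts nesting on entry, uncounts on exit (also on exceptions),
// and refuses to go past maxDepth. This turns an uncatchable stack overflow
// into a catchable exception.
struct DepthGuard {
    std::size_t& depth;
    DepthGuard(std::size_t& d, std::size_t maxDepth) : depth(d) {
        if (depth >= maxDepth) {
            throw std::runtime_error("nesting depth exceeds limit");
        }
        ++depth;
    }
    ~DepthGuard() { --depth; }
};

static void skipSpaces(const std::string& s, std::size_t& pos) {
    while (pos < s.size() && (s[pos] == ' ' || s[pos] == '\n')) ++pos;
}

// Parses one node at s[pos] and returns the nesting depth it contains
// (0 for a scalar). Recurses once per '[': without the DepthGuard line, N
// nested brackets need N stack frames, which is the CVE-2017-5950 pattern.
static std::size_t parseNode(const std::string& s, std::size_t& pos,
                             std::size_t& depth, std::size_t maxDepth) {
    skipSpaces(s, pos);
    if (pos >= s.size()) throw std::runtime_error("unexpected end of input");
    if (s[pos] != '[') {
        // Scalar: consume up to the next delimiter.
        while (pos < s.size() && s[pos] != ',' && s[pos] != ']') ++pos;
        return 0;
    }
    DepthGuard guard(depth, maxDepth);   // delete this line for the unbounded form
    ++pos;                                // consume '['
    std::size_t deepest = 1;
    skipSpaces(s, pos);
    if (pos < s.size() && s[pos] == ']') { ++pos; return deepest; }  // empty []
    for (;;) {
        std::size_t sub = parseNode(s, pos, depth, maxDepth);
        if (sub + 1 > deepest) deepest = sub + 1;
        skipSpaces(s, pos);
        if (pos >= s.size()) throw std::runtime_error("unterminated sequence");
        if (s[pos] == ',') { ++pos; continue; }
        if (s[pos] == ']') { ++pos; return deepest; }
        throw std::runtime_error("expected ',' or ']'");
    }
}

// Parses a whole flow document and returns its nesting depth; throws
// std::runtime_error if it is malformed or nests deeper than maxDepth.
std::size_t parseDocument(const std::string& doc, std::size_t maxDepth = kMaxDepth) {
    std::size_t pos = 0, depth = 0;
    std::size_t d = parseNode(doc, pos, depth, maxDepth);
    skipSpaces(doc, pos);
    if (pos != doc.size()) throw std::runtime_error("trailing data");
    return d;
}

// Application-level pre-check needing no parser: one linear scan of bracket
// depth before untrusted text reaches a library that may recurse freely.
// It ignores quoting, so it is a conservative gate, not a YAML validator.
std::size_t maxBracketDepth(const std::string& doc) {
    std::size_t depth = 0, deepest = 0;
    for (char c : doc) {
        if (c == '[' || c == '{') { if (++depth > deepest) deepest = depth; }
        else if ((c == ']' || c == '}') && depth > 0) --depth;
    }
    return deepest;
}

// Constructs the attacker's input: n nested empty sequences "[[[...]]]".
std::string nestedSequences(std::size_t n) {
    return std::string(n, '[') + std::string(n, ']');
}

// True if the bounded parser rejects n levels of nesting under the given limit.
bool rejectsDeeperThan(std::size_t n, std::size_t maxDepth) {
    try { parseDocument(nestedSequences(n), maxDepth); return false; }
    catch (const std::runtime_error&) { return true; }
}

int main() {
    const std::string hostile = nestedSequences(100000);   // constructed input
    std::cout << "pre-check depth: " << maxBracketDepth(hostile) << "\n";
    std::cout << "bounded parser rejects it: " << rejectsDeeperThan(100000, kMaxDepth) << "\n";
    return 0;
}
```

Running the stand-alone program shows the pre-check reporting a depth of 100000 and the bounded parser rejecting the document; replacing the DepthGuard line with nothing and raising maxDepth removes the bound and reproduces the crash class the advisory describes, with the exact depth at which it dies depending on the platform's stack size.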

Reservation

02/09/2017

Disclosure

04/03/2017

Moderation

accepted

Entry

VDB-99247

CPE

ready

EPSS

0.00776

KEV

no

Activities

very low
