CVE-2018-20574 in yaml-cpp
Summary
by MITRE
The SingleDocParser::HandleFlowMap function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.
Analysis
by VulDB Data Team • 11/04/2025
CVE-2018-20574 resides in yaml-cpp 0.6.2, in the SingleDocParser::HandleFlowMap function. It is a critical issue that lets remote attackers mount a denial of service by crafting YAML files that consume excessive stack memory. The flaw stems from inadequate input validation and improper handling of nested data structures during YAML parsing: recursive parsing operations can rapidly exhaust the available stack.
The defect lies in how recursive parsing of flow maps is managed; flow maps are the compact {key: value} representation of key-value pairs in YAML. When SingleDocParser::HandleFlowMap processes a specially crafted file containing deeply nested or self-referential structures, it applies no stack-depth limit or recursion guard. An attacker can therefore construct documents that drive stack consumption through repeated nested function calls until the stack overflows, crashing the application and destabilising the system. The flaw aligns with CWE-674, which addresses improper control of recursion, and is a classic example of uncontrolled recursion leading to resource exhaustion.
Operationally, this vulnerability poses significant risk to any application that uses yaml-cpp to process user-supplied YAML, including configuration management systems, continuous integration pipelines, and web applications that accept YAML input. The impact goes beyond a single service disruption: the flaw can be exploited in automated attack scenarios, producing sustained denial of service that affects availability and reliability. Payloads require minimal resources to produce yet cause maximum disruption, which makes the issue particularly dangerous in production environments where YAML parsing is routine. The vulnerability also intersects with ATT&CK technique T1499.004, which covers network denial of service attacks, and is a form of resource exhaustion attack that targets application stack memory.
Mitigation for CVE-2018-20574 should prioritise immediate remediation by updating to yaml-cpp 0.6.3 or later, which includes proper stack depth limiting and recursion prevention mechanisms. Organisations should also validate input so that the complexity and nesting depth of YAML documents is bounded, particularly where the documents come from external sources. Application-level protections such as stack limits, memory monitoring, and resource allocation controls add defence in depth. System administrators should further consider network-level protections and monitoring for unusual parsing patterns that might indicate exploitation attempts. The vulnerability underlines the importance of input validation and resource management in parsing libraries: seemingly benign data processing functions become attack vectors when such safeguards are missing.
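As an added example of the nesting-depth validation recommended above (written for this page, not code from yaml-cpp or VulDB), the following C++ function scans a YAML document once and rejects it when flow-collection nesting exceeds a limit, so the bounded check runs before the document ever reaches a recursive parser. The names kMaxFlowDepth, flow_depth and within_flow_depth, and the limit of 64, are choices made here.

```cpp
// Linear pre-parse guard for YAML flow collections ('{...}' and '[...]').
// It never recurses, so it cannot itself be exhausted by deep nesting.
#include <cctype>
#include <cstddef>
#include <stdexcept>
#include <string>

// Conservative cap chosen for this example; tune to what your documents need.
constexpr std::size_t kMaxFlowDepth = 64;

// Returns the maximum flow nesting depth of `doc`, or throws std::runtime_error
// as soon as the depth exceeds `limit`. Quoted scalars and comments are skipped
// so that brackets inside them are not counted as collections.
std::size_t flow_depth(const std::string& doc, std::size_t limit = kMaxFlowDepth) {
    std::size_t depth = 0, max_depth = 0;
    char quote = 0;  // active quote character ('\'' or '"'), or 0 when outside a quote
    for (std::size_t i = 0; i < doc.size(); ++i) {
        const char c = doc[i];
        if (quote) {
            if (c == '\\' && quote == '"') { ++i; continue; }  // skip escaped char
            if (c == quote) quote = 0;
            continue;
        }
        // A '#' at line start or after whitespace opens a comment to end of line.
        if (c == '#' && (i == 0 || std::isspace(static_cast<unsigned char>(doc[i - 1])))) {
            while (i < doc.size() && doc[i] != '\n') ++i;
            continue;
        }
        if (c == '\'' || c == '"') { quote = c; continue; }
        if (c == '{' || c == '[') {
            if (++depth > limit)
                throw std::runtime_error("YAML flow nesting exceeds limit");
            if (depth > max_depth) max_depth = depth;
        } else if (c == '}' || c == ']') {
            if (depth > 0) --depth;  // tolerate unbalanced input; the parser will reject it
        }
    }
    return max_depth;
}

// Convenience predicate for callers: true when the document is within bounds.
bool within_flow_depth(const std::string& doc, std::size_t limit = kMaxFlowDepth) {
    try { flow_depth(doc, limit); return true; }
    catch (const std::runtime_error&) { return false; }
}
```

Call within_flow_depth on the raw text and only pass documents that return true to YAML::Load; the check is O(n) and uses constant stack, whatever the input.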