CVE-2019-6285 in yaml-cpp

Summary

by MITRE

The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file.


Analysis

by VulDB Data Team • 11/04/2025

CVE-2019-6285 resides in the yaml-cpp library, specifically in the SingleDocParser::HandleFlowSequence function in version 0.6.2. This library serves as a critical component for parsing YAML-formatted data in numerous applications across various platforms and programming languages. The flaw is a denial of service condition that can be triggered remotely with a crafted YAML input file. It is a stack exhaustion scenario: recursive parsing operations consume excessive stack memory, leading to application instability and potential crashes.

The vulnerability stems from recursive parsing behavior in the yaml-cpp parser. When processing a specially crafted YAML document containing deeply nested flow sequences, the SingleDocParser::HandleFlowSequence function recurses and consumes additional stack space with every level of nesting. Because the parser has no stack depth limit, attackers can craft YAML files that trigger unbounded recursion. The flaw is categorized under CWE-674 as "Uncontrolled Recursion" and aligns with ATT&CK technique T1499.301 for "Network Denial of Service" through resource exhaustion attacks. The parser's inability to detect and terminate excessive recursion leads to stack overflow conditions that manifest as application crashes or complete denial of service.

The operational impact of this vulnerability extends beyond simple application instability, as yaml-cpp is widely used in critical infrastructure applications including configuration management systems, automated deployment tools, and security monitoring platforms. When exploited, the vulnerability can render systems unavailable to legitimate users by consuming all available stack memory and causing process termination. Attackers can leverage this vulnerability in scenarios involving configuration file processing, automated testing environments, or any system that accepts YAML input from untrusted sources. The vulnerability is particularly concerning in continuous integration/continuous deployment pipelines where YAML configuration files are processed automatically, as it can be exploited to disrupt entire development workflows. Organizations using yaml-cpp in production environments face significant risk of service disruption, especially in systems that process YAML files from external sources without proper input validation.

Mitigation strategies for CVE-2019-6285 should focus on immediate library updates to versions that address the recursive parsing vulnerability. The yaml-cpp maintainers released fixed versions that implement proper recursion depth limits and stack consumption monitoring within the parser. Organizations should also implement input validation measures that restrict YAML file complexity and nesting levels, particularly for files received from external sources. Additional defensive measures include deploying application-level sandboxing techniques, implementing resource quotas for parsing operations, and establishing monitoring systems to detect unusual memory consumption patterns. Network-level controls such as rate limiting and content filtering can help prevent exploitation attempts, while regular security assessments should verify that no other similar vulnerabilities exist in the parsing stack. The vulnerability highlights the importance of proper input validation and recursion handling in parsing libraries, particularly those handling untrusted data formats, and underscores the need for comprehensive security testing of parsing components in critical infrastructure applications.
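
The recursion depth limit described above, sketched as an added example (not yaml-cpp's code and not its actual patch): a toy parser for nested flow sequences whose recursive handler takes an RAII depth guard and fails closed. The names RecursionGuard, FlowParser and Classify and the limit of 64 are assumptions chosen for illustration.

```cpp
#include <cctype>
#include <cstddef>
#include <stdexcept>
#include <string>
constexpr int kMaxDepth = 64;  // assumed policy limit, tune per application
struct DepthExceeded : std::runtime_error { using std::runtime_error::runtime_error; };
struct RecursionGuard {  // RAII: +1 on handler entry, -1 on normal exit or unwind
    int& depth;
    explicit RecursionGuard(int& d) : depth(d) {
        if (++depth > kMaxDepth) { --depth; throw DepthExceeded("nesting limit exceeded"); }
    }
    ~RecursionGuard() { --depth; }
};
class FlowParser {  // added toy parser, not yaml-cpp code; all names are hypothetical
    std::string s_;
    std::size_t pos_ = 0;
    int depth_ = 0;
    char Peek() {  // skip whitespace, then look at the next character without consuming it
        while (pos_ < s_.size() && std::isspace(static_cast<unsigned char>(s_[pos_]))) ++pos_;
        return pos_ < s_.size() ? s_[pos_] : '\0';
    }
    std::size_t ReadScalar() {  // plain scalar: runs up to the next separator
        const std::size_t start = pos_;
        while (pos_ < s_.size() && std::string(",[] \t\r\n").find(s_[pos_]) == std::string::npos) ++pos_;
        return pos_ > start ? 1 : throw std::runtime_error("expected scalar");
    }
    std::size_t HandleFlowSequence() {
        RecursionGuard guard(depth_);  // without this, input alone decides the stack depth
        if (Peek() != '[') throw std::runtime_error("expected '['");
        ++pos_;
        for (std::size_t scalars = 0;;) {
            if (Peek() == ']') { ++pos_; return scalars; }
            scalars += (Peek() == '[') ? HandleFlowSequence() : ReadScalar();
            if (Peek() == ',') ++pos_;
            else if (Peek() != ']') throw std::runtime_error("expected ',' or ']'");
        }
    }
public:
    explicit FlowParser(const std::string& text) : s_(text) {}
    std::size_t Parse() {  // scalar count; throws on malformed or too deeply nested input
        const std::size_t n = HandleFlowSequence();
        return (Peek() == '\0' && pos_ == s_.size()) ? n : throw std::runtime_error("trailing data");
    }
};
enum class Verdict { kOk, kTooDeep, kMalformed };
Verdict Classify(const std::string& text) {
    try { FlowParser(text).Parse(); return Verdict::kOk; }
    catch (const DepthExceeded&) { return Verdict::kTooDeep; }
    catch (const std::runtime_error&) { return Verdict::kMalformed; }
}
```

Because the guard throws before the handler reads any further input, the stack never grows past kMaxDepth frames regardless of how deeply the document is nested.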

Reservation: 01/14/2019
Disclosure: 01/14/2019
Moderation: accepted
CPE: ready
EPSS: 0.00952
KEV: no
Activities: very low
