CVE-2023-47163
N/A
N/A
Summary
Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Remarshal-project | Remarshal | prior to v0.17.1 | affected |
Weaknesses
- Uncontrolled Recursion
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
- https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
- https://jvn.jp/en/jp/JVN86156389/
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: yes
- Technical Impact: partial
References
- https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
- https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
- https://jvn.jp/en/jp/JVN86156389/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.