An issue was discovered in singledocparser.cpp in yaml-cpp (aka LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser, and there is a stack consumption problem caused by recursive stack frames: HandleCompactMap, HandleMap, HandleFlowSequence, HandleSequence, HandleNode. Remote attackers could leverage this vulnerability to cause a denial-of-service via a cpp file. References https://github.com/jbeder/yaml-cpp/issues/657
This is very likely a dupe of CVE-2018-20573.
Created yaml-cpp tracking bugs for this issue: Affects: epel-all [bug 1694684] Affects: fedora-all [bug 1694683]
Statement: This issue affects the versions of rh-mongodb32-yaml-cpp, rh-mongodb34-yaml-cpp, and rh-mongodb36-yaml-cpp as shipped with Red Hat Software Collections. However, this is only used to parse configuration files. Red Hat Satellite 6.5 ship yaml-cpp however has been rated as a security impact of Low, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.