The SingleDocParser::HandleNode function yaml-cpp does not limit the maximum recursion to a suitable amount. Remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Upstream bug: https://github.com/jbeder/yaml-cpp/issues/459
Created yaml-cpp tracking bugs for this issue: Affects: epel-6 [bug 1439678] Affects: epel-7 [bug 1439676] Affects: fedora-all [bug 1439677] Created yaml-cpp03 tracking bugs for this issue: Affects: epel-7 [bug 1439679] Affects: fedora-all [bug 1439675]
It seems like MongoDB uses yaml for configuration files only, which is hardly a reasonable attack vector. Thus, I don't think that this yaml-cpp issue is a problem in a MongoDB context.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2017-5950