The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. References: https://github.com/jbeder/yaml-cpp/issues/660
Created yaml-cpp tracking bugs for this issue: Affects: epel-all [bug 1668107] Affects: fedora-all [bug 1668106]
*** Bug 1686723 has been marked as a duplicate of this bug. ***
This is very likely a dupe of CVE-2018-20573.
Statement: This issue affects the versions of rh-mongodb32-yaml-cpp, rh-mongodb34-yaml-cpp, and rh-mongodb36-yaml-cpp as shipped with Red Hat Software Collections. However, this is only used to parse configuration files. Red Hat Satellite 6.5 ship yaml-cpp however has been rated as a security impact of Low, product version Satellite 6.6 onward is not affected. Satellite 6.5 is in Maintenance Support phase of the product life cycle and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Satellite 6 Life Cycle: https://access.redhat.com/support/policy/updates/satellite.