CVE-2019-1010182
MEDIUMyaml-rust < 0.4.0 - Denial of Service via YamlLoader::load_from_str Recursion
Title source: llmDescription
yaml-rust 0.4.0 and earlier is affected by: Uncontrolled Recursion. The impact is: Denial of service by impossible to catch abort. The component is: YamlLoader::load_from_str function. The attack vector is: Parsing of a malicious YAML document. The fixed version is: 0.4.1 and later.
References (1)
Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/chyh1990/yaml-rust/pull/109
Scores
CVSS v3
6.5
EPSS
0.0106
EPSS Percentile
60.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE
CWE-674
Status
published
Products (1)
yaml-rust_project/yaml-rust
< 0.4.0
Published
Jul 25, 2019
Tracked Since
Feb 18, 2026