CVE-2019-1010183

MEDIUM

serde-yaml 0.6.0-0.8.3 - Denial of Service via Uncontrolled Recursion in Deserialization Functions

Title source: llm
STIX 2.1

Description

serde serde_yaml 0.6.0 to 0.8.3 is affected by: Uncontrolled Recursion. The impact is: Denial of service by aborting. The component is: from_* functions (all deserialization functions). The attack vector is: Parsing a malicious YAML file. The fixed version is: 0.8.4 and later.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/dtolnay/serde-yaml/pull/105

Scores

CVSS v3 6.5
EPSS 0.0108
EPSS Percentile 60.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Details

CWE
CWE-674
Status published
Products (1)
serde-yaml_project/serde-yaml 0.6.0 - 0.8.3
Published Jul 25, 2019
Tracked Since Feb 18, 2026