JVN#86156389
Remarshal unlimitedly expanding YAML alias nodes
Overview
Remarshal expands YAML alias nodes without limit, which makes it vulnerable to a Billion Laughs attack.
Products Affected
- Remarshal versions prior to v0.17.1
Description
Remarshal, provided by the Remarshal Project, expands YAML alias nodes without limit (CWE-674) and is therefore vulnerable to a Billion Laughs attack.
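Added example (not Remarshal's code or the developer's fix): one way to compute how many nodes a YAML document grows to once its aliases are expanded, and to reject it over a budget before converting it. It assumes PyYAML is installed; `MAX_NODES`, `TooManyNodes`, `expanded_node_count` and `expanded_size` are hypothetical names, and the sample document is constructed.

```python
import yaml  # PyYAML (assumed installed); compose() builds the node graph without expanding aliases

MAX_NODES = 100_000  # hypothetical budget, not the limit Remarshal uses


class TooManyNodes(ValueError):
    """Raised when a document would exceed the node budget after alias expansion."""


def expanded_node_count(node, limit=MAX_NODES, _memo=None):
    """Return the node count of the tree with every alias expanded.

    In the composed graph an alias is a second reference to the same node
    object, so each distinct node is sized once and its size is reused.
    """
    memo = {} if _memo is None else _memo
    key = id(node)
    if key in memo:
        if memo[key] is None:  # still being sized: alias to an ancestor
            raise TooManyNodes("recursive alias cannot be expanded")
        return memo[key]
    memo[key] = None
    if isinstance(node, yaml.MappingNode):
        children = [n for pair in node.value for n in pair]  # keys and values
    elif isinstance(node, yaml.SequenceNode):
        children = node.value
    else:
        children = []  # scalar
    total = 1
    for child in children:
        total += expanded_node_count(child, limit, memo)
        if total > limit:
            raise TooManyNodes(f"expands to more than {limit} nodes")
    memo[key] = total
    return total


def expanded_size(text, limit=MAX_NODES):
    """Compose YAML text and return its expanded node count, or raise TooManyNodes."""
    root = yaml.compose(text, Loader=yaml.SafeLoader)
    return 0 if root is None else expanded_node_count(root, limit)


# Constructed sample: 12 distinct nodes in the text, 183 nodes once expanded.
SAMPLE = "a: &a [x, x, x]\nb: &b [*a, *a, *a]\nc: &c [*b, *b, *b]\nd: [*c, *c, *c]\n"
```

Because sizes are memoized per node object, the check runs in time proportional to the document text rather than to its expanded size.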
Impact
Processing untrusted YAML files may cause a denial-of-service (DoS) condition.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
The developer has released the version listed below that addresses the vulnerability.
- Remarshal v0.17.1
Vendor Status
Vendor | Link |
Remarshal Project | v0.17.1 |
Remarshal Project | fix(yaml): limit maximum nodes |
References
- yaml-spec issue#45: Current version of the YAML specification could leave implementions open to Denial of Service Attacks
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Attack Vector(AV) | Physical (P) | Local (L) | Adjacent (A) | Network (N) |
---|---|---|---|---|
Attack Complexity(AC) | High (H) | Low (L) | ||
Privileges Required(PR) | High (H) | Low (L) | None (N) | |
User Interaction(UI) | Required (R) | None (N) | ||
Scope(S) | Unchanged (U) | Changed (C) | ||
Confidentiality Impact(C) | None (N) | Low (L) | High (H) | |
Integrity Impact(I) | None (N) | Low (L) | High (H) | |
Availability Impact(A) | None (N) | Low (L) | High (H) |
Access Vector(AV) | Local (L) | Adjacent Network (A) | Network (N) |
---|---|---|---|
Access Complexity(AC) | High (H) | Medium (M) | Low (L) |
Authentication(Au) | Multiple (M) | Single (S) | None (N) |
Confidentiality Impact(C) | None (N) | Partial (P) | Complete (C) |
Integrity Impact(I) | None (N) | Partial (P) | Complete (C) |
Availability Impact(A) | None (N) | Partial (P) | Complete (C) |
Comment
This analysis assumes that a victim user is directed to process some crafted YAML file.
Credit
Taichi Kotake of Sterra Security Co.,Ltd. / Akatsuki Games Inc. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under the Information Security Early Warning Partnership.
Other Information
CVE | CVE-2023-47163 |
JVN iPedia | JVNDB-2023-000111 |