CVE-2023-47163 - Vulnerability Details - OpenCVE

ReportizFlow

Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Remarshal Project	Remarshal

Configuration 1 [-]

cpe:2.3:a:remarshal_project:remarshal:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494
https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1
https://jvn.jp/en/jp/JVN86156389/

History

No history.

MITRE

Status: PUBLISHED

Assigner: jpcert

Published: 2023-11-13T02:26:42.658Z

Updated: 2024-08-02T21:01:22.828Z

Reserved: 2023-10-31T00:29:57.924Z

Link: CVE-2023-47163

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-11-13T03:15:09.743

Modified: 2024-11-21T08:29:52.983

Link: CVE-2023-47163

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:remarshal_project:remarshal:*:*:*:*:*:*:*:*", "matchCriteriaId": "A664F861-2169-4499-94F0-F80C46FCD477", "versionEndExcluding": "0.17.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Remarshal prior to v0.17.1 expands YAML alias nodes unlimitedly, hence Remarshal is vulnerable to Billion Laughs Attack. Processing untrusted YAML files may cause a denial-of-service (DoS) condition."}, {"lang": "es", "value": "Remarshal anterior a v0.17.1 expande los nodos de alias YAML de forma ilimitada, por lo que Remarshal es vulnerable a Billion Laughs Attack. El procesamiento de archivos YAML que no son de confianza puede provocar una condici\u00f3n de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2023-47163", "lastModified": "2024-11-21T08:29:52.983", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-11-13T03:15:09.743", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494"}, {"source": "[email protected]", "tags": ["Release Notes"], "url": "https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1"}, {"source": "[email protected]", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN86156389/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/remarshal-project/remarshal/commit/fd6ac799a02f533c3fc243b49cdd6d21aa7ee494"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://jvn.jp/en/jp/JVN86156389/"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-674"}], "source": "[email protected]", "type": "Primary"}]}