
Catastrophic backtracking in regex engine causes infinite hang with some inputs

Open RajathJayashankar opened this issue 5 months ago • 0 comments

  • Some inputs, e.g. "{:" and "[:", cause YAML::Load() to hang indefinitely
  • The hang occurs in the regex engine during token scanning
  • Stack trace shows deep recursion in MatchOpOr and MatchOpSeq
  • This is a denial of service vulnerability for any application that processes untrusted YAML

To reproduce:

#include "yaml-cpp/yaml.h"
#include <sstream>
#include <string>

int main() {
    std::string input = "{:";
    std::stringstream ss(input);
    YAML::Node node = YAML::Load(ss);  // Hangs here indefinitely
    return 0;
}

RajathJayashankar, Jul 23 '25 18:07
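
One way for a service that parses untrusted YAML to contain a hang like the one reported above (an added example, not code from the issue or from yaml-cpp): run the parse in a forked child with a deadline and kill the child on timeout. `parse_with_deadline`, `ParseResult` and the stand-in parser functions are hypothetical names, and POSIX `fork`/`waitpid` are assumed.

```cpp
// Added example (not yaml-cpp code): bound the time an untrusted parse may take.
#include <chrono>
#include <cstdio>
#include <functional>
#include <thread>
#include <signal.h>
#include <sys/wait.h>
#include <unistd.h>

enum class ParseResult { Ok, Rejected, TimedOut };

// Hypothetical helper. `parse` returns true when the input is accepted; in a
// real service it would wrap YAML::Load(input) in try/catch.
ParseResult parse_with_deadline(const std::function<bool()>& parse,
                                std::chrono::milliseconds deadline) {
    pid_t pid = fork();
    if (pid < 0) return ParseResult::Rejected;        // fail closed
    if (pid == 0) _exit(parse() ? 0 : 1);             // child: parse, report, exit

    const auto end = std::chrono::steady_clock::now() + deadline;
    int status = 0;
    for (;;) {
        pid_t r = waitpid(pid, &status, WNOHANG);
        if (r == pid) break;                          // child finished on its own
        if (r < 0) return ParseResult::Rejected;
        if (std::chrono::steady_clock::now() >= end) {
            kill(pid, SIGKILL);                       // hung parser: stop it
            waitpid(pid, &status, 0);                 // reap, no zombie left
            return ParseResult::TimedOut;
        }
        std::this_thread::sleep_for(std::chrono::milliseconds(5));
    }
    // A crash or uncaught exception in the child also counts as a rejection.
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? ParseResult::Ok
                                                           : ParseResult::Rejected;
}

// Constructed stand-ins for the parser, so the example runs without yaml-cpp.
bool parses_quickly() { return true; }
bool rejects_input() { return false; }
bool never_returns() { volatile unsigned spin = 0; for (;;) spin = spin + 1; return false; }

int main() {
    auto r = parse_with_deadline(never_returns, std::chrono::milliseconds(200));
    std::puts(r == ParseResult::TimedOut ? "timed out, input rejected" : "finished");
    return r == ParseResult::TimedOut ? 0 : 1;
}
```

The child only reports accept or reject, so the parent can parse the same bytes itself once the child returns `Ok`. `fork()` in a multithreaded process needs care, so call this before worker threads start or from a dedicated helper process.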