CVE-2023-47163

7.5 HIGH

📋 TL;DR

CVE-2023-47163 is a vulnerability in Remarshal that allows unlimited expansion of YAML alias nodes, making it susceptible to Billion Laughs attacks. This can cause denial-of-service by consuming excessive memory and CPU when processing malicious YAML files. Anyone using Remarshal to process untrusted YAML content is affected.

💻 Affected Systems

Products:
  • Remarshal
Versions: All versions prior to v0.17.1
Operating Systems: All platforms running Remarshal
Default Config Vulnerable: ⚠️ Yes
Notes: Any configuration that processes YAML files is vulnerable. The vulnerability is in the YAML parsing functionality itself.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system resource exhaustion leading to service unavailability, potentially affecting dependent applications and requiring a system restart.

🟠 Likely Case

Denial-of-service condition in which Remarshal processes crash or become unresponsive while processing malicious YAML files.

🟢 If Mitigated

No impact if only trusted YAML files are processed or if the vulnerability is patched.

🌐 Internet-Facing: HIGH if Remarshal processes user-uploaded YAML files from untrusted sources.
🏢 Internal Only: MEDIUM if processing YAML files from internal sources, but could still be exploited via supply chain attacks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Billion Laughs attacks are well-known and easy to craft. The vulnerability is in the core YAML parsing logic.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v0.17.1

Vendor Advisory: https://github.com/remarshal-project/remarshal/releases/tag/v0.17.1

Restart Required: No

Instructions:

1. Check the current Remarshal version.
2. Update to v0.17.1 or later using your package manager or a direct installation.
3. Verify that the update was successful.

🔧 Temporary Workarounds

Input validation and sanitization (applies to: all)

Implement strict validation of YAML files before processing them with Remarshal.
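One concrete form of the pre-parse validation suggested above, written here as an added example (it is not code from the advisory or from the Remarshal project): a conservative estimator that scans a YAML document for anchors (`&name`) and aliases (`*name`), computes how many nodes the document would occupy once every alias is expanded, and refuses the file when that estimate exceeds a budget. It uses only the standard library, so it can run before the real YAML parser sees the input. The sample documents, the node budget and the function names are this example's own assumptions; the estimator deliberately over-counts (an `&` or `*` inside a quoted scalar is also counted) so that errors fall on the side of refusing input.

```python
import re

# Constructed sample documents (not from the advisory). SAFE_DOC is ordinary
# anchor/alias reuse; NESTED_DOC chains aliases so each level doubles the
# expanded size, which is the pattern a Billion Laughs document scales up.
SAFE_DOC = """\
defaults: &defaults
  adapter: postgres
  host: localhost
production:
  <<: *defaults
  database: prod
"""

NESTED_DOC = """\
a: &a [x, x]
b: &b [*a, *a]
c: &c [*b, *b]
d: [*c, *c]
"""

ANCHOR_RE = re.compile(r"&([A-Za-z0-9_\-]+)")
ALIAS_RE = re.compile(r"\*([A-Za-z0-9_\-]+)")


def _strip_comment(line):
    """Drop a trailing '# ...' comment (YAML comments start at line start or after whitespace)."""
    m = re.search(r"(^|\s)#", line)
    return line[: m.start()] if m else line


def _indent(line):
    return len(line) - len(line.lstrip(" "))


def _anchor_scopes(lines):
    """Map each anchor name to the half-open line range [start, end) of its textual
    scope: the anchor's own line plus every following non-blank line indented deeper."""
    scopes = {}
    for i, line in enumerate(lines):
        for m in ANCHOR_RE.finditer(line):
            j = i + 1
            while j < len(lines):
                if lines[j].strip() and _indent(lines[j]) <= _indent(line):
                    break
                j += 1
            scopes[m.group(1)] = (i, j)
    return scopes


def _expanded_size(name, scopes, lines, memo, stack):
    """Number of nodes the alias *name expands to, following nested aliases recursively.
    An undefined anchor counts as 0 (the real parser rejects it anyway); a self-reference
    is reported as infinite so the document is refused."""
    if name not in scopes:
        return 0
    if name in memo:
        return memo[name]
    if name in stack:
        return float("inf")
    stack.add(name)
    start, end = scopes[name]
    total = 0
    for idx in range(start, end):
        line = lines[idx]
        if line.strip():
            total += 1
        for m in ALIAS_RE.finditer(line):
            total += _expanded_size(m.group(1), scopes, lines, memo, stack)
    stack.discard(name)
    memo[name] = total
    return total


def estimate_expansion(yaml_text):
    """Upper-bound estimate of the node count once every alias is expanded.
    Non-blank lines count once each; every alias occurrence adds the expanded
    size of its target, so a chain of self-doubling anchors grows exponentially."""
    lines = [_strip_comment(l) for l in yaml_text.splitlines()]
    scopes = _anchor_scopes(lines)
    memo = {}
    total = 0
    for line in lines:
        if line.strip():
            total += 1
        for m in ALIAS_RE.finditer(line):
            total += _expanded_size(m.group(1), scopes, lines, memo, set())
    return total


def is_safe_to_parse(yaml_text, max_nodes=10_000):
    """True if the estimated expanded size stays within the node budget (assumed default)."""
    return estimate_expansion(yaml_text) <= max_nodes


if __name__ == "__main__":
    for label, doc in (("safe", SAFE_DOC), ("nested", NESTED_DOC)):
        print(label, estimate_expansion(doc), is_safe_to_parse(doc, max_nodes=20))
```

Gate the conversion on `is_safe_to_parse(text)` and log a refusal instead of calling Remarshal when it returns False; because the check never builds the expanded tree, its own cost stays linear in the size of the file regardless of how the aliases are chained.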

Resource limiting (applies to: linux)

Run Remarshal under resource limits (memory, CPU) to contain a potential DoS, for example:

ulimit -v 1000000   # cap virtual memory (in KiB, about 1 GB) for this shell and its child processes
systemd-run --scope -p MemoryLimit=1G remarshal   # run with a 1 GB memory cap; pass Remarshal's usual arguments after the command

Note that MemoryLimit= is the legacy cgroup v1 property; on hosts using cgroup v2 the equivalent setting is MemoryMax=1G.
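The same containment, expressed as a wrapper that a service can call instead of invoking Remarshal directly. This is an added example, not code from the advisory or from the Remarshal project: it runs the conversion in a child process with a capped address space (RLIMIT_AS) and a wall-clock timeout, then classifies the outcome so that a runaway expansion shows up as a logged refusal rather than an unresponsive host. The memory budget, the timeout, the placeholder input path and the Remarshal command-line flags are assumptions of this example (check `remarshal --help` for the flags your installed version accepts).

```python
import resource
import subprocess
import sys


def _limit_address_space(max_bytes):
    """Child-side hook: cap the virtual address space (RLIMIT_AS) so runaway alias
    expansion fails with ENOMEM/MemoryError instead of exhausting the host.
    The soft limit can never exceed the existing hard limit, so clamp to it."""
    soft, hard = resource.getrlimit(resource.RLIMIT_AS)
    new_soft = max_bytes if hard == resource.RLIM_INFINITY else min(max_bytes, hard)
    resource.setrlimit(resource.RLIMIT_AS, (new_soft, hard))


def run_limited(argv, max_mem_bytes=1024 ** 3, timeout_s=30, stdin_bytes=b""):
    """Run argv under a memory cap (assumed default 1 GiB) and a wall-clock timeout.
    Returns a dict whose 'status' is 'ok', 'failed' or 'timeout', plus the exit code
    and captured output, so the caller can log what happened. Unix-only (preexec_fn)."""
    try:
        proc = subprocess.run(
            argv,
            input=stdin_bytes,
            capture_output=True,
            timeout=timeout_s,
            preexec_fn=lambda: _limit_address_space(max_mem_bytes),
        )
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child before raising, so nothing is left running.
        return {"status": "timeout", "returncode": None, "stdout": b"", "stderr": b""}
    status = "ok" if proc.returncode == 0 else "failed"
    return {
        "status": status,
        "returncode": proc.returncode,
        "stdout": proc.stdout,
        "stderr": proc.stderr,
    }


if __name__ == "__main__":
    # Placeholder invocation: 'input.yaml' and the -if/-of flags are assumptions of
    # this example; substitute the path and flags your Remarshal version uses.
    result = run_limited(["remarshal", "-if", "yaml", "-of", "json", "input.yaml"])
    print(result["status"], result["returncode"], result["stderr"].decode(errors="replace"))
```

A conversion that blows past the cap comes back as `status == "failed"` with the child's error on stderr, and one that spins on CPU comes back as `"timeout"`; either way the parent process and the rest of the host keep their memory.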

🧯 If You Can't Patch

  • Avoid processing untrusted YAML files with vulnerable versions of Remarshal
  • Implement network segmentation and monitoring for systems running vulnerable versions

🔍 How to Verify

Check if Vulnerable:

Check the installed Remarshal version: if it is lower than 0.17.1, the installation is vulnerable.

Check Version:

remarshal --version

Verify Fix Applied:

Verify that the Remarshal version is 0.17.1 or higher, and confirm that the patched version rejects known malicious YAML files instead of expanding them.

📡 Detection & Monitoring

Log Indicators:

  • High memory usage spikes
  • Process crashes or timeouts
  • Repeated YAML parsing failures

Network Indicators:

  • Unusually large YAML file uploads
  • Multiple failed parsing attempts

SIEM Query:

source="remarshal.log" AND ("memory" OR "crash" OR "timeout")
