Safeguard
Vulnerability Analysis

CVE-2017-18640: Denial of service via SnakeYAML alias ent...

CVE-2017-18640 lets attackers crash Java services by abusing SnakeYAML's YAML alias/anchor expansion. Here's what's affected and how to fix it.

Vikram Iyer
Security Researcher
7 min read

SnakeYAML is one of the most widely used YAML parsing libraries in the Java ecosystem, pulled in transitively by frameworks like Spring, Jackson, and countless CI/CD and configuration-management tools. CVE-2017-18640 is a denial-of-service vulnerability in SnakeYAML that lets an attacker crash an application simply by handing it a small, specially crafted YAML document. The flaw stems from SnakeYAML's default parser failing to restrict the size of data structures created through YAML's alias/anchor mechanism, allowing a tiny input to explode into a massive in-memory object graph — a YAML analogue of the classic XML "billion laughs" attack.

Any service that parses untrusted or semi-trusted YAML with a vulnerable SnakeYAML version — a webhook payload, an uploaded configuration file, a Kubernetes manifest, a CI pipeline definition — is a candidate for exploitation. The result is typically an out-of-memory condition or CPU exhaustion that takes the parsing process down.

Affected Versions and Components

  • Component: org.yaml:snakeyaml (the standalone SnakeYAML library for Java)
  • Affected versions: SnakeYAML releases prior to 1.26
  • Fixed version: 1.26, which introduced safeguards against unrestricted alias expansion when parsing untrusted input
  • Root cause: SnakeYAML's Constructor did not limit the number of aliases (references to previously defined anchors) that could be resolved during parsing unless the caller explicitly used a hardened constructor path. An attacker can define a small set of anchors and then reference them recursively, causing the number of resolved objects to grow exponentially relative to the size of the input document.

Because SnakeYAML is rarely a direct, top-level dependency, most organizations are exposed to this CVE transitively. It ships inside:

  • Jackson's YAML data format module (jackson-dataformat-yaml), used by Spring Boot's YAML configuration support and many REST/serialization stacks
  • Spring Cloud Config and other Spring components that load YAML at runtime
  • Build, CI/CD, and infrastructure tooling that accepts YAML configuration (Jenkins plugins, Apache-ecosystem projects, Elasticsearch/Logstash configuration loaders, and others)
  • Any custom Java service that calls new Yaml().load(...) on external input

This transitive exposure is exactly why the CVE persisted in production dependency trees long after a fix existed — teams patched their direct dependencies without realizing an old SnakeYAML jar was still being dragged in three or four levels down.

CVSS, EPSS, and KEV Context

NVD scores CVE-2017-18640 with a CVSS v3.1 base score of 7.5 (High), reflecting a network-exploitable, low-complexity attack that requires no privileges or user interaction and results in a high availability impact with no confidentiality or integrity loss (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H). That scoring lines up with the nature of the bug: it is a pure resource-exhaustion denial of service, not a path to code execution or data compromise.

From an exploitation-likelihood standpoint, this CVE has not been associated with widespread, opportunistic mass exploitation the way memory-corruption or deserialization bugs often are — it requires an attacker to be able to deliver a YAML document to a vulnerable parser, which narrows the practical attack surface to applications that accept YAML from external or semi-trusted sources. It does not appear on CISA's Known Exploited Vulnerabilities (KEV) catalog, and its EPSS (Exploit Prediction Scoring System) probability sits well below the range associated with actively-weaponized flaws. That said, low EPSS is not the same as "safe to ignore": DoS bugs in shared parsing libraries are cheap to trigger once a vulnerable version is confirmed, and availability impact on a critical service can still be a serious incident regardless of exploit prevalence.

Timeline

  • SnakeYAML's alias-expansion resource-exhaustion behavior was identified and reported to the project as a security concern, leading to a fix in the 1.26 release.
  • A CVE identifier, CVE-2017-18640, was later reserved and eventually published to NVD to formally track the issue — the mismatch between the "2017" CVE-ID year and its later public disclosure is a well-known artifact of the CVE numbering process, where an ID is reserved in one year but the record isn't populated and published until later.
  • SnakeYAML 1.26 and subsequent releases shipped with mitigations that restrict unbounded alias resolution.
  • The story doesn't fully end there: a related follow-up issue, CVE-2022-25857, showed that the original 1.26 fix did not fully close the door on billion-laughs-style YAML bombs targeting collections. The maintainers subsequently introduced an explicit, tunable safeguard — LoaderOptions.setMaxAliasesForCollections() — starting in SnakeYAML 1.31, giving applications direct control over how many aliases a single document may expand into.

The practical lesson from this timeline is that upgrading past 1.26 addresses the originally reported CVE-2017-18640 behavior, but organizations parsing untrusted YAML should track SnakeYAML's later hardening (1.31+) as well, since the alias-expansion problem space took more than one release to fully mitigate.

Remediation Steps

  1. Identify every copy of SnakeYAML in your dependency tree, not just direct declarations. Use mvn dependency:tree / gradle dependencies (or an SBOM/SCA tool) to find org.yaml:snakeyaml pulled in via Jackson, Spring Boot starters, Elasticsearch client libraries, Jenkins plugins, or other transitive paths.
  2. Upgrade to SnakeYAML 1.26 or later wherever the library is resolved. If it arrives transitively through a parent framework (e.g., Spring Boot or jackson-dataformat-yaml), upgrade that parent dependency to a version that itself bundles a patched SnakeYAML, or use a dependency-management override to force a safe version across the build.
  3. Prefer 1.31+ and configure LoaderOptions.setMaxAliasesForCollections() explicitly for any code path that parses YAML from an untrusted or external source. This directly bounds how much a single document can expand, closing the gap left by the original 1.26 fix.
  4. Use SafeConstructor (or an equivalently restrictive Constructor) when loading untrusted YAML, and avoid the permissive default Yaml().load() call on content you don't fully control.
  5. Add resource limits at the application layer — request size caps, parsing timeouts, and memory/CPU quotas for services that process external YAML — as defense in depth against this and future parser-exhaustion bugs.
  6. Re-verify after upgrading dependency managers, since Maven/Gradle dependency mediation can silently reintroduce an old SnakeYAML version if a different transitive path pins to it.

How Safeguard Helps

CVE-2017-18640 is a textbook example of why supply chain visibility matters more than patching what's in front of you: the vulnerable component is almost never a direct dependency, and most teams discover it buried three or four hops deep in a build they didn't write. Safeguard is built to close exactly that gap.

  • Full transitive dependency visibility. Safeguard builds a complete, continuously updated software bill of materials (SBOM) for your applications, so a stale org.yaml:snakeyaml jar pulled in through Jackson, Spring Boot, or a CI plugin is surfaced automatically — no manual dependency:tree archaeology required.
  • Context-aware risk prioritization. Rather than treating every CVE alike, Safeguard correlates CVSS severity, EPSS exploitation likelihood, and CISA KEV status so your team can see that CVE-2017-18640 is a real availability risk worth fixing, without letting it drown out genuinely actively-exploited vulnerabilities elsewhere in your stack.
  • Reachability and exposure analysis. Safeguard helps determine whether your application actually parses untrusted YAML through the vulnerable code path, so remediation effort goes first to services genuinely exposed to attacker-controlled input rather than every service that merely has the jar on the classpath.
  • Continuous monitoring for follow-on issues. Because vulnerabilities like this one evolved across multiple releases (1.26, then 1.31 for the more complete fix), Safeguard tracks version-specific advisories over time so a "patched" dependency doesn't quietly drift back into vulnerable territory as new related CVEs are disclosed.
  • Policy-driven enforcement. Teams can set gates that block builds or deployments introducing known-vulnerable SnakeYAML versions, preventing regression even when the library re-enters the tree through an unrelated upgrade elsewhere in the dependency graph.

Denial-of-service bugs in shared parsing libraries rarely make headlines, but they are exactly the kind of deep, transitive risk that traditional dependency checks miss. Safeguard's SBOM-driven approach ensures vulnerabilities like CVE-2017-18640 are found, prioritized correctly, and don't silently resurface in your software supply chain.

Never miss an update

Weekly insights on software supply chain security, delivered to your inbox.