How CVE-2026-33743 Works
Incus parses YAML files from user‑provided image and backup tarballs without any size restrictions. The functions `getImageMetadata` and `backup.GetInfo` call `yaml.NewDecoder(tr).Decode()` directly on the tar reader, and the tar header’s `hdr.Size` is never checked. An authenticated attacker can craft a tarball whose `metadata.yaml` or `backup/index.yaml` declares a very large size. Although the YAML library prevents “billion‑laughs” style aliasing, a large flat YAML document still consumes 5–6× the input size in heap memory. For example, a 200 MB file can cause ~1.2 GB of allocations, potentially triggering out‑of‑memory on the daemon. Repeated exploitation keeps the control plane offline, causing a denial of service of the management API. The issue is fixed by adding a size check (`if hdr.Size > maxMetadataSize`) and wrapping the reader with `io.LimitReader`. The patch is included in Incus 7.0.0 and later.
DailyCVE Form (3 words max per line)
Platform: Incus Daemon
Version: ≤ 6.22.x
Vulnerability: Unbounded YAML Decode
Severity: Medium (CVSS 6.5)
Date: 2026‑03‑26
Prediction: Patch by 2026‑04‑30
What Undercode Say
Analytics / Bash‑based detection and memory profiling:

```bash
# Check for suspiciously large metadata.yaml inside tarballs
tar -tvf malicious_backup.tar.gz | grep -E '(metadata.yaml|index.yaml)'

# Use a fuzzing test to reproduce the unbounded decode
go test ./test/fuzz -run='TestUnboundedYAMLMetadataDecode' -count=1 -v

# Monitor daemon memory consumption while handling backups
while true; do ps -o vsz,rss -C incusd | awk '{sum+=$2} END {print sum/1024 " MB"}'; sleep 2; done

# Simulate extreme case (requires appropriate API permissions)
dd if=/dev/zero bs=1M count=200 | gzip > large_metadata.yaml.gz
tar cf payload.tar large_metadata.yaml
incus image import payload.tar --alias poc
```
Exploit
- Create a tarball containing a `metadata.yaml` of 200 MB (or more) filled with repetitive key‑value pairs.
- Import the tarball as an image (`incus image import exploit.tar --alias poc`).
- The daemon parses the huge YAML, allocating ~1.2 GB of heap memory.
- On systems with limited RAM, the daemon crashes or becomes unresponsive, disabling the control plane.
- Repeated imports keep the daemon offline, causing a persistent denial of service.
Protection from this CVE
- Upgrade to Incus 7.0.0 or later (the fix is included).
- Enforce strict size limits on uploaded images/backups by wrapping the YAML decoder with `io.LimitReader`.
- Apply the proposed patch:

```go
const maxMetadataSize = 1 << 20 // 1 MB

if hdr.Size > maxMetadataSize {
	return nil, fmt.Errorf("metadata entry too large: %d bytes", hdr.Size)
}

err = yaml.NewDecoder(io.LimitReader(tr, maxMetadataSize)).Decode(&result)
```

- Restrict API access to trusted users only; deny upload privileges to untrusted parties.
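The two-layer guard described in the vulnerability summary and in the proposed patch (reject on the declared `hdr.Size`, then bound what the decoder can read with `io.LimitReader`), as an added, self-contained Go example. This is not Incus code: `ReadBoundedMetadata`, `decodeFlatYAML`, the entry-name table and the constructed tarballs are assumptions for illustration, and `decodeFlatYAML` is a standard-library stand-in for `yaml.NewDecoder(...).Decode` so the example runs without the YAML dependency.

```go
package main

import (
	"archive/tar"
	"bytes"
	"errors"
	"fmt"
	"io"
	"strings"
)

// maxMetadataSize mirrors the 1 MiB cap from the proposed patch.
const maxMetadataSize = 1 << 20

// ErrMetadataTooLarge is returned when a tar entry declares a size above the cap.
var ErrMetadataTooLarge = errors.New("metadata entry too large")

// metadataNames are the entries the advisory describes as parsed without limits.
var metadataNames = map[string]bool{
	"metadata.yaml":     true,
	"backup/index.yaml": true,
}

// decodeFlatYAML is a stand-in for yaml.NewDecoder(r).Decode (assumption, so the
// example runs with the standard library only); it parses "key: value" lines.
func decodeFlatYAML(r io.Reader) (map[string]string, error) {
	data, err := io.ReadAll(r) // reads at most what the caller's LimitReader allows
	if err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, line := range strings.Split(string(data), "\n") {
		line = strings.TrimSpace(line)
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		k, v, ok := strings.Cut(line, ":")
		if !ok {
			return nil, fmt.Errorf("malformed line %q", line)
		}
		out[strings.TrimSpace(k)] = strings.TrimSpace(v)
	}
	return out, nil
}

// ReadBoundedMetadata walks a tar stream and, for the first metadata entry it
// finds, applies both guards from the fix before handing bytes to the decoder.
func ReadBoundedMetadata(r io.Reader, limit int64) (map[string]string, error) {
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return nil, errors.New("no metadata entry found")
		}
		if err != nil {
			return nil, err
		}
		if !metadataNames[strings.TrimPrefix(hdr.Name, "./")] {
			continue
		}
		// Layer 1: cheap rejection on the declared size, before any entry bytes are read.
		if hdr.Size > limit {
			return nil, fmt.Errorf("%w: %s declares %d bytes (cap %d)",
				ErrMetadataTooLarge, hdr.Name, hdr.Size, limit)
		}
		// Layer 2: even if the header were wrong, the decoder sees at most `limit` bytes.
		return decodeFlatYAML(io.LimitReader(tr, limit))
	}
}

// buildTar writes a single-entry tarball into memory (constructed test input).
func buildTar(name string, body []byte) []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	_ = tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))})
	_, _ = tw.Write(body)
	_ = tw.Close()
	return buf.Bytes()
}

// SmallTarball is a benign image tarball with a few key/value lines (constructed).
func SmallTarball() []byte {
	return buildTar("metadata.yaml", []byte("architecture: x86_64\ncreation_date: 1700000000\n"))
}

// OversizedTarball declares a backup index of ~2 MiB of repetitive key/value
// pairs, the flat-YAML shape the advisory describes, well above the cap.
func OversizedTarball() []byte {
	line := []byte("k: v\n")
	return buildTar("backup/index.yaml", bytes.Repeat(line, (2<<20)/len(line)))
}

func main() {
	if m, err := ReadBoundedMetadata(bytes.NewReader(SmallTarball()), maxMetadataSize); err == nil {
		fmt.Println("accepted:", m["architecture"])
	}
	if _, err := ReadBoundedMetadata(bytes.NewReader(OversizedTarball()), maxMetadataSize); err != nil {
		fmt.Println("rejected:", err)
	}
}
```

The header check alone is enough to stop the case in the advisory, since a tar reader never yields more than `hdr.Size` bytes for an entry; the `io.LimitReader` wrap costs nothing and keeps the decoder bounded if the entry-walking code is later changed to read from a source that has no declared size.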
Impact
- Denial of service of the Incus control plane – management API becomes unavailable.
- No effect on running workloads – containers and VMs continue to operate.
- Resource exhaustion – linear memory consumption (5–6× the input size) leads to out‑of‑memory conditions on constrained daemons.
- Garbage‑collection pressure – can degrade concurrent operations even if the daemon does not crash outright.
- Network bandwidth as natural bottleneck – large payloads require time to upload, limiting the speed of repeated attacks.
Sources:
Reported By: github.com