Incus CVE-2026-41648
MEDIUMSeverity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
User provided image and backup tarballs would be unpacked and YAML files parsed without any size restrictions. This was making it easy for an authenticated user to provide a crafted image or backup tarball that when parsed by Incus would lead to a very large YAML document being loaded into memory, potentially causing the entire server to run out of memory.
Details
It was found that getImageMetadata and backup.GetInfo call yaml.NewDecoder(tr).Decode() directly on the tar reader without limiting how many bytes the YAML decoder can consume. The tar entry hdr.Size is not checked before decoding.
A tar archive can be crafted in which metadata.yaml or backup/index.yaml declares a large size in the tar header, causing the YAML decoder to read and allocate proportional memory on the server. The gopkg.in/yaml.v2 library mitigates YAML alias and anchor bombs, such as “billion laughs,” through its built-in excessive-aliasing check. However, large flat YAML documents with many keys or long string values can still produce linear but amplified memory consumption of approximately 5x to 6x the input size.
A 200 MB tar entry for metadata.yaml may cause approximately 1.2 GB of heap allocations during decode, which may be sufficient to trigger an out-of-memory condition on a constrained daemon or significantly degrade service. Because the decode occurs in the daemon process, excessive garbage-collection pressure can affect concurrent operations. Appropriate API permissions are required to upload an image or backup archive.
Mitigating factors include the fact that the amplification is linear rather than exponential, at approximately 5x to 6x, and that upload bandwidth is the practical bottleneck for delivering large payloads.
Affected Files:
- https://github.com/lxc/incus/blob/v6.22.0/cmd/incusd/images.go#L1456
- https://github.com/lxc/incus/blob/v6.22.0/internal/server/backup/backup_info.go#L87
- https://github.com/lxc/incus/blob/v6.22.0/internal/server/backup/backup_info.go#L115
Image metadata parsing reads YAML directly from the tar stream: Affected Code:
if hdr.Name == "metadata.yaml" || hdr.Name == "./metadata.yaml" {
err = yaml.NewDecoder(tr).Decode(&result)Backup info parsing does the same:
Affected Code:
if hdr.Name == backupIndexPath {
err = yaml.NewDecoder(tr).Decode(&result)
if result.Config == nil && hdr.Name == "backup/container/backup.yaml" {
err = yaml.NewDecoder(tr).Decode(&result.Config)This was confirmed as follows:
Command:
go test ./test/fuzz -run='TestUnboundedYAMLMetadataDecode' -count=1 -vOutput:
=== RUN TestUnboundedYAMLMetadataDecode
image_metadata_poc_test.go:80: metadata.yaml size: 10.2 MB
image_metadata_poc_test.go:113: metadata.yaml hdr.Size = 10688940 bytes (10.2 MB) -- no size
check exists in getImageMetadata before yaml.NewDecoder(tr).Decode()
image_metadata_poc_test.go:124: decoded 50000 properties from 10.2 MB metadata.yaml
image_metadata_poc_test.go:125: yaml.NewDecoder(tr).Decode() accepted 10.2 MB metadata.yaml
with 50000 properties -- no hdr.Size check or io.LimitReader in images.go:1457 or
backup_info.go:88
--- FAIL: TestUnboundedYAMLMetadataDecode (0.11s)
FAILIt is recommended to add a size check on hdr.Size before YAML decoding and to wrap the tar reader in io.LimitReader.
Proposed Fix:
const maxMetadataSize = 1 << 20 // 1 MB
if hdr.Size > maxMetadataSize {
return nil, fmt.Errorf("metadata entry too large: %d bytes", hdr.Size)
}
err = yaml.NewDecoder(io.LimitReader(tr, maxMetadataSize)).Decode(&result)A patch is available at https://github.com/lxc/incus/releases/tag/v7.0.0.
Credit
This issue was discovered and reported by the team at 7asecurity (https://7asecurity.com/)
AnalysisAI
Incus versions up to 6.23.0 allow authenticated users to trigger denial of service by uploading crafted image or backup tarballs containing oversized YAML metadata files that consume excessive server memory during parsing. When metadata.yaml or backup/index.yaml entries declare large sizes in the tar header, the YAML decoder reads and allocates 5-6x the input size without limits, potentially exhausting memory on constrained daemons; a 200 MB YAML entry may trigger 1.2 GB of heap allocations. Vendor-released patch available in v7.0.0.
Technical ContextAI
Incus, a container management system, processes user-uploaded image and backup tar archives by extracting and parsing YAML metadata files (metadata.yaml and backup/index.yaml) using Go's gopkg.in/yaml.v2 decoder. The vulnerability stems from CWE-770 (Allocation of Resources Without Limits or Throttling): the code calls yaml.NewDecoder(tr).Decode() directly on the tar reader without checking the tar entry header size (hdr.Size) or wrapping the reader in io.LimitReader. While yaml.v2 includes built-in mitigation for YAML bomb attacks (billion laughs via excessive aliasing), large flat YAML documents with numerous keys or long string values still produce linear memory amplification of approximately 5-6x. The affected code paths are in cmd/incusd/images.go (getImageMetadata function at line 1456) and internal/server/backup/backup_info.go (GetInfo function at lines 87 and 115). CPE affected: pkg:go/github.com_lxc_incus_v6_cmd_incusd vulnerable through version 6.23.0.
RemediationAI
Upgrade Incus to v7.0.0 or later, which includes a patch implementing size checks on tar entry headers before YAML decoding and wrapping the tar reader in io.LimitReader with a 1 MB maximum. The vendor-released patch is available at https://github.com/lxc/incus/releases/tag/v7.0.0. For organizations unable to patch immediately, the following compensating controls are available: (1) Restrict API access to trusted users only-revoke image and backup upload permissions from untrusted accounts, reducing the threat model to insider threats (side effect: may block legitimate administrative operations if access controls are overly restrictive); (2) Monitor daemon process memory consumption and restart the daemon on sustained high memory usage to recover from denial of service (side effect: temporary service interruption and data loss if backups are in-flight); (3) Deploy Incus on hosts with sufficient memory overhead and swap to absorb the 1-6x memory amplification without crashing (side effect: performance degradation during attacks as garbage collection pressure increases, affecting concurrent container operations); (4) Limit tar entry sizes at the application boundary using middleware to reject uploads exceeding a reasonable metadata size threshold such as 10 MB (side effect: may block legitimate large metadata in edge cases, requires careful tuning). Patching remains the primary and strongly recommended remediation.
Same technique Denial Of Service
View allVendor StatusVendor
SUSE
Severity: LowShare
External POC / Exploit Code
Leaving vuln.today
GHSA-67wx-r9xr-x75x