100 matches found
CVE-2026-57076
A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...
CVE-2026-57077
A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists due to an unbounded newline scan during block-scalar lexing. A remote attacker could exploit this by providing a specially crafted YAML document, leading to potential information disclosure. This issue is an incomplete fix...
CVE-2026-57075
A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists in the base64 decoder, specifically in the syckbase64dec function. This occurs because the decoder uses a signed character to index a lookup table, allowing specially crafted !!binary YAML nodes with high-bit bytes to caus...
UBUNTU-CVE-2026-57075
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...
DEBIAN-CVE-2026-57076
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
CVE-2026-57075
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...
CVE-2026-57076
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
CVE-2026-57077
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...
CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...
CVE-2026-57077
Affected software: YAML::Syck (Perl) before version 1.47. Vulnerability: out-of-bounds read via an unbounded newline scan in newline_len during block-scalar lexing at a document boundary, dereferencing scan pointers and the following byte of a "\r\n" pair without a NUL-terminator or bounds check....
CVE-2026-57076 YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...
CVE-2026-57075
CVE-2026-57075 affects YAML::Syck before 1.47 for Perl. The base64 decoder syck_base64dec indexes a 256-entry table with a signed char, so any !!binary byte >= 0x80 sign-extends to a negative index and causes an out-of-bounds read from the table, leading to information exposure if a crafted YA...
CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...
CVE-2026-13713
CVE-2026-13713 affects YAML::Syck versions before 1.47 (Perl). A use-after-free and double-free occurs when an anchor is redefined while still on the parser value stack, due to how syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node. The freed node may still be live on the value stack,...
openSUSE 16 Security Update : perl-YAML-Syck (openSUSE-SU-2026:20938-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20938-1 advisory. Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155. Tenable has extracted the precedin...
OPENSUSE-SU-2026:20938-1 Security update for perl-YAML-Syck
This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155...
Medium: perl-YAML-Syck
Issue Overview: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the...
Amazon Linux 2023 : perl-YAML-Syck, perl-YAML-Syck-tests (ALAS2023-2026-1769)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1769 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When...
Amazon Linux 2 : perl-YAML-Syck, --advisory ALAS2-2026-3327 (ALAS-2026-3327)
The version of perl-YAML-Syck installed on the remote host is prior to 1.27-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3327 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a...