Lucene search
+L

100 matches found

RedhatCVE
RedhatCVE
added 16 hours ago3 views

CVE-2026-57076

A flaw was found in YAML::Syck. An attacker could exploit a heap use-after-free vulnerability by providing a specially crafted YAML document that reuses an anchor name as an anchors-table key. This flaw causes the software to read freed heap memory, which may lead to information disclosure or...

7.8CVSS6AI score
Exploits0References5
RedhatCVE
RedhatCVE
added 16 hours ago3 views

CVE-2026-57077

A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists due to an unbounded newline scan during block-scalar lexing. A remote attacker could exploit this by providing a specially crafted YAML document, leading to potential information disclosure. This issue is an incomplete fix...

7.7CVSS6.1AI score
Exploits0References6
RedhatCVE
RedhatCVE
added 16 hours ago4 views

CVE-2026-57075

A flaw was found in YAML::Syck. An out-of-bounds read vulnerability exists in the base64 decoder, specifically in the syckbase64dec function. This occurs because the decoder uses a signed character to index a lookup table, allowing specially crafted !!binary YAML nodes with high-bit bytes to caus...

9.1CVSS6AI score
Exploits0References5
OSV
OSV
added 19 hours ago2 views

UBUNTU-CVE-2026-57075

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

9.1CVSS5.3AI score
Exploits0References6
OSV
OSV
added yesterday2 views

DEBIAN-CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS5.4AI score
Exploits0References1
NVD
NVD
added yesterday5 views

CVE-2026-57075

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

9.1CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-57076

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

7.8CVSS
Exploits0References3
NVD
NVD
added yesterday5 views

CVE-2026-57077

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...

7.7CVSS
Exploits0References3
Cvelist
Cvelist
added yesterday24 views

CVE-2026-57077 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newlinelen. In the bundled libsyck newlinelen and isnewline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar...

Exploits0References3
CVE
CVE
added yesterday5 views

CVE-2026-57077

Affected software: YAML::Syck (Perl) before version 1.47. Vulnerability: out-of-bounds read via an unbounded newline scan in newline_len during block-scalar lexing at a document boundary, dereferencing scan pointers and the following byte of a "\r\n" pair without a NUL-terminator or bounds check....

7.7CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday24 views

CVE-2026-57076 YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor

YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...

Exploits0References2
Cvelist
Cvelist
added yesterday25 views

CVE-2026-57075 YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...

Exploits0References2
CVE
CVE
added yesterday5 views

CVE-2026-57075

CVE-2026-57075 affects YAML::Syck before 1.47 for Perl. The base64 decoder syck_base64dec indexes a 256-entry table with a signed char, so any !!binary byte >= 0x80 sign-extends to a negative index and causes an out-of-bounds read from the table, leading to information exposure if a crafted YA...

9.1CVSS6.1AI score
Exploits0References3
Cvelist
Cvelist
added yesterday28 views

CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...

Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-13713

CVE-2026-13713 affects YAML::Syck versions before 1.47 (Perl). A use-after-free and double-free occurs when an anchor is redefined while still on the parser value stack, due to how syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node. The freed node may still be live on the value stack,...

6.2CVSS6.1AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/14 12:0 a.m.8 views

openSUSE 16 Security Update : perl-YAML-Syck (openSUSE-SU-2026:20938-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20938-1 advisory. Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155. Tenable has extracted the precedin...

7.3CVSS5.5AI score0.00333EPSS
Exploits0References3
OSV
OSV
added 2026/06/10 11:47 a.m.6 views

OPENSUSE-SU-2026:20938-1 Security update for perl-YAML-Syck

This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155...

7.3CVSS5.5AI score0.00333EPSS
Exploits0References2
Amazon
Amazon
added 2026/06/08 12:0 a.m.12 views

Medium: perl-YAML-Syck

Issue Overview: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the...

7.3CVSS5.7AI score0.00333EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.12 views

Amazon Linux 2023 : perl-YAML-Syck, perl-YAML-Syck-tests (ALAS2023-2026-1769)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1769 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When...

7.3CVSS5.8AI score0.00333EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2 : perl-YAML-Syck, --advisory ALAS2-2026-3327 (ALAS-2026-3327)

The version of perl-YAML-Syck installed on the remote host is prior to 1.27-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3327 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a...

7.3CVSS5.9AI score0.00333EPSS
Exploits0References4
Rows per page
Query Builder