91 matches found
CVE-2026-57076
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
CVE-2026-57075
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syckbase64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64xtable with a signed char, so any !!binary byte = 0x80 sign-extends to a negative index and...
CVE-2026-57077
CVE-2026-57077 affects YAML::Syck for Perl; versions before 1.47 are vulnerable to an out-of-bounds read in newline_len caused by an unbounded newline scan. The issue arises from dereferencing the scan pointer and the following byte for a "\r\n" pair during block-scalar lexing at a document bound...
CVE-2026-57075
YAML::Syck vulnerability CVE-2026-57075 affects Perl in versions before 1.47. The base64 decoder in the bundled libsyck uses a 256-entry table (b64_xtable) indexed by a signed char; bytes with high bit set (>= 0x80) sign-extend to negative indices and read before the table, triggering an out-o...
CVE-2026-13713
CVE-2026-13713 affects YAML::Syck before 1.47 (Perl). The issue is a use-after-free/double-free caused by redefining or removing an anchor: syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node under that name, which may still reside on the parser’s value stack. When the same node is fre...
CVE-2026-13713 YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or removed, syckhdlraddanchor and syckhdlrremoveanchor free the node stored under that name with...
openSUSE 16 Security Update : perl-YAML-Syck (openSUSE-SU-2026:20938-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20938-1 advisory. Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155. Tenable has extracted the precedin...
OPENSUSE-SU-2026:20938-1 Security update for perl-YAML-Syck
This update for perl-YAML-Syck fixes the following issues: Changes in perl-YAML-Syck: - CVE-2026-5089: prevent buffer underflow in base60 sexagesimal parsing PR 133 bsc1265155...
Medium: perl-YAML-Syck
Issue Overview: YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the...
Amazon Linux 2 : perl-YAML-Syck, --advisory ALAS2-2026-3327 (ALAS-2026-3327)
The version of perl-YAML-Syck installed on the remote host is prior to 1.27-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3327 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a...
Amazon Linux 2023 : perl-YAML-Syck, perl-YAML-Syck-tests (ALAS2023-2026-1769)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1769 advisory. YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When...
Security update for perl-YAML-Syck (moderate)
openSUSE Security Update: Security update for perl-YAML-Syck Announcement ID: openSUSE-SU-2026:0180-1 Rating: moderate References: 1252111 1259757 Cross-References: CVE-2025-11683 CVE-2026-4177 CVSS scores: CVE-2025-11683 SUSE: 6.5 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N Affected Products:...
perl-YAML-Syck-1.450.0-4.1 on GA media (moderate)
perl-YAML-Syck-1.450.0-4.1 on GA media Announcement ID: openSUSE-SU-2026:10846-1 Rating: moderate Cross-References: CVE-2026-5089 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2026:10846-1 perl-YAML-Syck-1.450.0-4.1 on GA media
These are all security issues fixed in the perl-YAML-Syck-1.450.0-4.1 package on the GA media of openSUSE Tumbleweed...
Linux Distros Unpatched Vulnerability : CVE-2026-5089
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase...
Updated perl-YAML-Syck package fixes security vulnerability
YAML::Syck versions before 1.38 for Perl have an out-of-bounds read...
SUSE CVE-2026-5089
YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...
CVE-2026-5089
YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...
UBUNTU-CVE-2026-5089
YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...
CVE-2026-5089 YAML::Syck versions before 1.38 for Perl has an out-of-bounds read
YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 sexagesimal parsing code in perlsyck.h has a buffer underflow bug in both intbase60 and floatbase60 handlers. When processing the leftmost segment of a colon-separated value e.g., the 1 in 1:30:45, the inner while loop...