2 matches found
CVE-2026-57076
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syckhdlraddanchor. In the bundled libsyck an anchor name allocated by syckstrndup is stored both as node-anchor, freed when the node is freed, and as the key in the parser's...
CVE-2026-57076
CVE-2026-57076 affects YAML::Syck for Perl up to 1.46 (bundled libsyck). Root cause: an anchor name stored as node->anchor and as the key in the anchors table can be freed when the node is freed; a subsequent anchor redefinition compares against the freed key, causing reads of freed heap memor...