Back to CVE List

CVE-2026-4177

CRITICAL SEVERITY

CVSS Score & Metrics

Base Score
9.1 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Vulnerability Description

YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.

The heap overflow occurs when class names exceed the initial 512-byte allocation.

The base64 decoder could read past the buffer end on trailing newlines.

strtok mutated n->type_id in place, corrupting shared node data.

A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-122
Source
NVD
Vendor
toddr
Product
yaml\

External References

Discussion (0)

Add Comment

No comments yet. Be the first!