CVE-2026-4177
Severity: CRITICAL 9.1 | EPSS: 0.02% | libyaml-syck-perl - security update
Published: 2026/3/16 | Modified: 2026/4/28
Description
YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor: the incoming anchor string 'a' was leaked on early return.
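The two memory-safety bug classes named in the description (a fixed 512-byte initial allocation overrun by a long class name, and a base64 decoder that reads past the end of its input on trailing newlines) are shown below from the defensive side, as an added C example. This is not YAML::Syck's emitter or decoder code: the `buf_t` type, the `emit_class_tag` and `b64_decode` functions and the tag prefix are assumptions made for illustration. The buffer grows before any byte is written instead of trusting the initial size, and the decoder is bounded by an explicit length rather than by a terminator it might walk past.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable output buffer (not YAML::Syck's). The initial size
 * mirrors the fixed allocation the advisory describes; the difference is that
 * buf_append checks remaining capacity and reallocates before writing. */
typedef struct {
    char *data;
    size_t len;
    size_t cap;
} buf_t;

#define BUF_INITIAL_CAP 512

static int buf_init(buf_t *b) {
    b->data = malloc(BUF_INITIAL_CAP);
    if (!b->data) return -1;
    b->len = 0;
    b->cap = BUF_INITIAL_CAP;
    return 0;
}

/* Append n bytes; grow first if they would not fit (avoids the overflow). */
static int buf_append(buf_t *b, const char *src, size_t n) {
    if (n > b->cap - b->len) {
        size_t need = b->len + n;
        size_t ncap = b->cap;
        while (ncap < need) {
            if (ncap > SIZE_MAX / 2) return -1;   /* refuse to wrap around */
            ncap *= 2;
        }
        char *p = realloc(b->data, ncap);
        if (!p) return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    return 0;
}

static void buf_free(buf_t *b) {
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}

/* Emit an illustrative "<prefix><classname>" tag of arbitrary length.
 * Returns the emitted length, or -1 on allocation failure. */
long emit_class_tag(const char *classname) {
    const char *prefix = "!!perl/hash:";   /* illustrative tag prefix */
    buf_t b;
    if (buf_init(&b)) return -1;
    if (buf_append(&b, prefix, strlen(prefix)) ||
        buf_append(&b, classname, strlen(classname))) {
        buf_free(&b);
        return -1;
    }
    long out = (long)b.len;
    buf_free(&b);
    return out;
}

static int b64val(int c) {
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    if (c == '+') return 62;
    if (c == '/') return 63;
    return -1;
}

/* Decode base64 from in[0..inlen). The loop is bounded by inlen, so trailing
 * newlines (or a missing '=' padding) never cause a read past the input; they
 * are simply skipped. Returns decoded length, -1 on a bad character or if out
 * is too small. */
long b64_decode(const char *in, size_t inlen, unsigned char *out, size_t outcap) {
    unsigned int acc = 0;
    int bits = 0;
    size_t o = 0;
    for (size_t i = 0; i < inlen; i++) {
        int c = (unsigned char)in[i];
        if (c == '\n' || c == '\r' || c == ' ' || c == '\t') continue;
        if (c == '=') break;
        int v = b64val(c);
        if (v < 0) return -1;
        acc = (acc << 6) | (unsigned)v;
        bits += 6;
        if (bits >= 8) {
            bits -= 8;
            if (o >= outcap) return -1;
            out[o++] = (unsigned char)((acc >> bits) & 0xFF);
        }
    }
    return (long)o;
}
```

A class name longer than the 512-byte initial allocation is the case to exercise: the emitter must report a length larger than 512 rather than writing past the first allocation, and the decoder must give the same result for input with and without a trailing newline.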
Affected packages (2)
- Debian/libyaml-syck-perl: from 0, < 1.34-1+deb11u1
- Debian/libyaml-syck-perl: from 0, < 1.34-2+deb12u2
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H |