YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:HToddr Yaml\
APPToddr\
Related vulnerabilities
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and pote...
XML::Parser dla Perl — heap buffer overflow przez off-by-one przy głębokim zagnieżdżeniu XML
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruptio...