CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2026-4177

CVSS 9.1v3.1pub. 2026-03-16upd. 2026-06-30

YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
  • Toddr Yaml\

    APP
    Toddr
    \
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2025-11683MEDIUM6.5ten sam produkt

YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and pote...

CVE-2006-10003CRITICAL9.8PL ✓ten sam vendor

XML::Parser dla Perl — heap buffer overflow przez off-by-one przy głębokim zagnieżdżeniu XML

CVE-2006-10002HIGH7.5ten sam vendor

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruptio...