EUVD-2026-12523CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
3Description
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
Analysis
A critical heap buffer overflow vulnerability exists in YAML::Syck through version 1.36 for Perl, allowing remote attackers to potentially execute arbitrary code or cause denial of service without authentication. The vulnerability stems from multiple memory corruption issues including heap overflow when processing YAML class names exceeding 512 bytes, buffer overread in base64 decoding, and memory leaks. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all affected systems and apply vendor patches immediately. If patching is delayed, consider network segmentation to limit exposure.
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today