Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Primary rating from Vendor (9b29abf9-4ab0-4765-b253-1875cd9b441e).
CVSS VectorVendor: 9b29abf9-4ab0-4765-b253-1875cd9b441e
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
3DescriptionCVE.org
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.
The heap overflow occurs when class names exceed the initial 512-byte allocation.
The base64 decoder could read past the buffer end on trailing newlines.
strtok mutated n->type_id in place, corrupting shared node data.
A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
AnalysisAI
A critical heap buffer overflow vulnerability exists in YAML::Syck through version 1.36 for Perl, allowing remote attackers to potentially execute arbitrary code or cause denial of service without authentication. The vulnerability stems from multiple memory corruption issues including heap overflow when processing YAML class names exceeding 512 bytes, buffer overread in base64 decoding, and memory leaks. With a CVSS score of 9.1 and network-based attack vector requiring no user interaction, this presents a severe risk to applications parsing untrusted YAML input.
Technical ContextAI
YAML::Syck is a Perl module providing a fast YAML 1.0 loader and dumper based on the libyaml library. The vulnerability manifests as a heap buffer overflow (CWE-122) in the YAML emitter component when processing class names that exceed the initially allocated 512-byte buffer. Additional memory safety issues include the base64 decoder reading past buffer boundaries on trailing newlines, strtok mutations corrupting shared node data structures, and memory leaks in anchor handling. These flaws affect the core parsing and emission logic used when processing YAML documents, making any Perl application using YAML::Syck vulnerable when handling untrusted input.
RemediationAI
Upgrade YAML::Syck to version 1.37_01 or later immediately, which includes the patch available at https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch. If immediate patching is not possible, implement strict input validation on all YAML data before processing, limit the size of YAML documents accepted, and consider running YAML processing in isolated environments with restricted permissions. Applications should also audit their use of YAML::Syck to identify all instances where untrusted input might be processed.
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5. Rated high severity (CVSS 7.5), this vulnerability
An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid inpu
Parsing malicious or large YAML documents can consume excessive amounts of CPU or memory. Rated high severity (CVSS 7.5)
Buffer underflow in YAML::Syck for Perl versions before 1.38 allows remote unauthenticated attackers to trigger out-of-b
Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and p
Same weakness CWE-122 – Heap-based Buffer Overflow
View allSame technique Heap Overflow
View allVendor StatusVendor
SUSE
Severity: Critical| Product | Status |
|---|---|
| SUSE Liberty Linux 8 | Fixed |
| openSUSE Tumbleweed | Fixed |
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-12523