rpm package
opensuse/perl-YAML-Syck&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/perl-YAML-Syck&distro=openSUSE%20Tumbleweed
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-5089 | High | 7.3 | | < 1.450.0-4.1 | 1.450.0-4.1 | May 12, 2026 | YAML::Syck versions before 1.38 for Perl have an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30 |
| CVE-2026-4177 | — | | | < 1.440.0-1.1 | 1.440.0-1.1 | Mar 16, 2026 | YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the |
| CVE-2025-11683 | — | | | < 1.450.0-1.1 | 1.450.0-1.1 | Oct 16, 2025 | YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YA |