CVE-2026-4177

EUVD-2026-12523
YAML::Syck versions through 1.36 for Perl have several potential security vulnerabilities, including a high-severity heap buffer overflow in the YAML emitter.

The heap overflow occurs when class names exceed the initial 512-byte allocation.

The base64 decoder could read past the buffer end on trailing newlines.

strtok mutated n->type_id in place, corrupting shared node data.

A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
Provider  Type     Base Score (CVSS 3.x)  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  9.1 CRITICAL           NETWORK      LOW              NONE            CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

EPSS Score: Percentile 7%
Affected Products (NVD)

Vendor  Product  Version
toddr   yaml\    < 1.37 (vulnerable)

(The Version column lists the vulnerable software versions.)
Debian Releases

Debian Product: libyaml-syck-perl

Codename             Version         Status
bookworm             -               vulnerable
bookworm (security)  1.34-2+deb12u2  fixed
bullseye             -               vulnerable
bullseye (security)  1.34-1+deb11u1  fixed
forky                1.36-2          fixed
sid                  1.36-2          fixed
trixie               -               vulnerable
trixie (security)    1.34-2+deb13u2  fixed