affected
published on 29 Dec 2025

CVE-2025-11683
6.5 MEDIUM
CVSS version: 3.1
Attack vector (AV): ADJACENT_NETWORK
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): NONE
Availability impact (A): NONE

updated 1 day, 8 hours ago by @LeSuisse

Activity log
Created automatic suggestion 1 month, 1 week ago
@LeSuisse accepted as draft 1 day, 8 hours ago
@LeSuisse published on GitHub 1 day, 8 hours ago

YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure

YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure.

Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read.

The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.

Affected products
YAML-Syck <1.36

Matching in nixpkgs

pkgs.perlPackages.YAMLSyck
Fast, lightweight YAML loader and dumper
nixos-25.05: 1.34
nixpkgs-25.05-darwin: 1.34
nixos-25.05-small: 1.34
nixos-unstable: 1.34
nixos-unstable-small: 1.34
nixpkgs-unstable: 1.34

pkgs.perl538Packages.YAMLSyck
Fast, lightweight YAML loader and dumper
nixos-25.05: 1.34
nixpkgs-25.05-darwin: 1.34
nixos-25.05-small: 1.34
nixos-unstable: 1.34
nixos-unstable-small: 1.34
nixpkgs-unstable: 1.34

pkgs.perl540Packages.YAMLSyck
Fast, lightweight YAML loader and dumper
nixos-25.05: 1.34
nixpkgs-25.05-darwin: 1.34
nixos-25.05-small: 1.34
nixos-unstable: ???
nixos-unstable-small: 1.34
nixpkgs-unstable: 1.34