NIXPKGS-2025-0023
published on 29 Dec 2025
by @LeSuisse
Activity log
- Created automatic suggestion
- @LeSuisse accepted
- @LeSuisse published on GitHub
YAML::Syck versions before 1.36 for Perl have missing Null-Terminators which cause Out-of-Bounds Read and potential Information Disclosure
Missing null terminators in token.c lead to an out-of-bounds read, which allows an adjacent variable to be read. The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
Affected products
YAML-Syck
- <1.36
Matching in nixpkgs
- pkgs.perlPackages.YAMLSyck: Fast, lightweight YAML loader and dumper
- pkgs.perl538Packages.YAMLSyck: Fast, lightweight YAML loader and dumper
- pkgs.perl540Packages.YAMLSyck: Fast, lightweight YAML loader and dumper