Activity log
- Created suggestion
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
References
Affected products
YAML-Syck
- =<1.36
Matching in nixpkgs
pkgs.perlPackages.YAMLSyck
Fast, lightweight YAML loader and dumper
pkgs.perl5Packages.YAMLSyck
Fast, lightweight YAML loader and dumper
pkgs.perl538Packages.YAMLSyck
None
pkgs.perl540Packages.YAMLSyck
None