PT-2026-60588 · Toddr · Yaml::Syck
CVE-2026-13713
·
Publicado
2026-07-16
·
Atualizado
2026-07-16
Nenhuma
Não há classificações de severidade ou métricas disponíveis. Quando houver, atualizaremos as informações correspondentes na página.
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack.
In the bundled libsyck, when an anchor name is redefined or removed, syck hdlr add anchor and syck hdlr remove anchor free the node stored under that name with syck free node. That node can still be live on the parser's value stack, so syck hdlr add node reaches it again and frees it a second time. On a normal build the 48-byte node chunk is freed twice and the interpreter aborts. Anchors need no special flags, so this is reached on the default Load path, and a 7-byte document that redefines an anchor triggers it.
Any caller that runs Load or LoadFile on an untrusted document that redefines an anchor mid-parse crashes the interpreter, a denial of service.
Double Free
Use After Free
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Yaml::Syck