PT-2025-42400 · Unknown+3 · Yaml::Syck+3
Published 2025-10-16 · Updated 2026-05-11 · CVE-2025-11683
CVSS v3.1: 6.5 (Medium)
Vector: AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
YAML::Syck versions before 1.36
Description
YAML::Syck, a Perl module, contains a flaw due to missing null terminators in the token.c file. This can lead to an out-of-bounds read, potentially resulting in information disclosure. The issue is observed when processing complex YAML files containing a hash of all keys and empty values. The read is limited to adjacent variables and does not appear to allow access to memory outside the module's allocated space.
Recommendations
Update YAML::Syck to version 1.36 or later.
Fix
Buffer Overflow
Affected Products
Debian
Linuxmint
Ubuntu
Yaml::Syck