PT-2026-25828 · Unknown+1 · Yaml::Syck+1

Todd Rinaldo

·

Published

2026-01-01

·

Updated

2026-04-15

·

CVE-2026-4177

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions

YAML::Syck versions through 1.36

Description

YAML::Syck for Perl has multiple memory-safety issues, the most severe a high-severity heap buffer overflow in the YAML emitter. The overflow occurs when a class name is longer than the emitter's initial 512-byte allocation. The base64 decoder may read beyond the end of its buffer when the input has trailing newlines. The strtok function modifies n->type_id in place, potentially corrupting shared node data. Additionally, syck_hdlr_add_anchor leaks memory when the node already has an anchor: it returns early without freeing the incoming anchor string a. The issue affects the YAML emitter component.

Recommendations

Update YAML::Syck to a version later than 1.36.
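The emitter overflow from the description, as an added illustration that is not YAML::Syck's code: an output buffer with an initial 512-byte allocation, the unchecked write that a longer class name overruns, and a hardened write that reserves space before copying. EmitBuf, the function names and the "!" tag prefix are assumptions made for this example, and the class names it emits are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not YAML::Syck's code. EmitBuf, the function names and
 * the "!" tag prefix are assumptions; only the shape of the bug is from the
 * advisory: an emitter with an initial 512-byte allocation that a long class
 * name can exceed. */
#define INITIAL_CAP 512

typedef struct {
    char  *buf;
    size_t used;   /* bytes written, excluding the terminating NUL */
    size_t cap;    /* bytes allocated */
} EmitBuf;

static void emitbuf_init(EmitBuf *e) {
    e->buf = malloc(INITIAL_CAP);
    if (!e->buf) abort();
    e->used = 0;
    e->cap = INITIAL_CAP;
}

/* Flawed pattern: trusts the initial block to hold any tag. A type_id of
 * INITIAL_CAP - 1 bytes or more writes past the heap block. Kept to make
 * the bug visible; main() only ever hands it a name that fits. */
static void emit_class_tag_unchecked(EmitBuf *e, const char *type_id) {
    size_t n = strlen(type_id);
    e->buf[e->used++] = '!';
    memcpy(e->buf + e->used, type_id, n);   /* no capacity check */
    e->used += n;
    e->buf[e->used] = '\0';
}

/* Hardened pattern: guarantee room for `extra` bytes plus a NUL before any
 * write, doubling the block as needed. Returns 0 on success, -1 on failure. */
static int emitbuf_reserve(EmitBuf *e, size_t extra) {
    if (e->cap - e->used > extra)           /* already fits, NUL included */
        return 0;
    size_t want = e->used + extra + 1, ncap = e->cap;
    while (ncap < want) {
        if (ncap > SIZE_MAX / 2) return -1; /* refuse to wrap size_t */
        ncap *= 2;
    }
    char *nb = realloc(e->buf, ncap);
    if (!nb) return -1;
    e->buf = nb;
    e->cap = ncap;
    return 0;
}

static int emit_class_tag_checked(EmitBuf *e, const char *type_id) {
    size_t n = strlen(type_id);
    if (emitbuf_reserve(e, n + 1) != 0)     /* "!" plus the name */
        return -1;
    e->buf[e->used++] = '!';
    memcpy(e->buf + e->used, type_id, n);
    e->used += n;
    e->buf[e->used] = '\0';
    return 0;
}

/* Emit one tag for a constructed class name of name_len 'A's via the checked
 * path and return bytes used (report_cap == 0) or bytes allocated
 * (report_cap != 0); -1 if emission failed or the output is malformed. */
static long checked_emit_stat(size_t name_len, int report_cap) {
    char *name = malloc(name_len + 1);
    if (!name) return -1;
    memset(name, 'A', name_len);
    name[name_len] = '\0';

    EmitBuf e;
    emitbuf_init(&e);
    long result = -1;
    if (emit_class_tag_checked(&e, name) == 0 &&
        e.buf[0] == '!' && strlen(e.buf) == name_len + 1)
        result = (long)(report_cap ? e.cap : e.used);
    free(e.buf);
    free(name);
    return result;
}

int main(void) {
    EmitBuf e;
    emitbuf_init(&e);
    emit_class_tag_unchecked(&e, "Foo");    /* short name: fits in 512 bytes */
    printf("unchecked, short name: %s\n", e.buf);
    free(e.buf);

    /* A 600-byte name would overflow the unchecked path; the checked path
     * grows the block instead. */
    printf("checked, 600-byte name: used=%ld cap=%ld\n",
           checked_emit_stat(600, 0), checked_emit_stat(600, 1));
    return 0;
}
```

The boundary worth checking in a review is the NUL terminator: a 510-byte name still fits the 512-byte block, but a 511-byte name needs 513 bytes, so the reserve check compares against the free space strictly greater than the payload and grows the block at exactly that point.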

Fix

Weakness Enumeration

Heap Based Buffer Overflow

Related Identifiers

ALSA-2026:6470
CVE-2026-4177
MGASA-2026-0058
OPENSUSE-SU-2026:10551-1
OPENSUSE-SU-2026:20771-1
RHSA-2026:6470
RHSA-2026:8311

Affected Products

Rocky Linux
Yaml::Syck