CNNVD-202510-2413 Information

CNNVD ID

CNNVD-202510-2413

Related CVE

CVE-2025-11683

• CNNVD Published: 2025-10-16

Description (Chinese)

YAML::Syck是CPAN Authors开源的一个Perl库。 YAML::Syck 1.36之前版本存在安全漏洞，该漏洞源于token.c中缺少空终止符，可能导致越界读取和信息泄露。

Description (English)

YAML: Syck is a Perl library of the Open Source of CPCAuthors. YAML: : Syck 1.36 has a security loophole, which stems from the absence of an empty terminal in token.c, which may lead to cross-border reading and information leakage.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

CPAN Authors

Published

2025-10-16

Last Modified

2026-02-24

References

https://metacpan.org/dist/YAML-Syck/changes https://github.com/cpan-authors/YAML-Syck/pull/65 https://vigilance.fr/vulnerability/YAML-Syck-out-of-bounds-memory-reading-via-Missing-Null-Terminators-48516

Patch

https://metacpan.org/dist/YAML-Syck/changes