CVE-2026-57075
Received Received - Intake

Out-of-Bounds Read in YAML::Syck Perl Module

Vulnerability report for CVE-2026-57075, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: CPANSec

Description

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64_xtable with a signed char, so any !!binary byte >= 0x80 sign-extends to a negative index and reads before the table. The decoder receives the raw bytes of any !!binary node, a standard YAML type not gated by $LoadBlessed or $LoadCode, so it is reached on the default Load path. Any caller that runs Load or LoadFile on an untrusted document containing a !!binary scalar with a high-bit byte triggers the read, and the value read can surface in the decoded result.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
yaml syck to 1.47 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read issue in YAML::Syck versions before 1.47 for Perl. The base64 decoder uses a signed-char lookup table index, causing any byte with a high bit set (>= 0x80) to sign-extend into a negative index. This leads to reading memory before the intended table, potentially exposing data.

Detection Guidance

This vulnerability can be detected by checking the version of YAML::Syck installed on your system. Run 'perl -MYAML::Syck -e "print $YAML::Syck::VERSION"' to see the installed version. If it is below 1.47, the system is vulnerable.

Impact Analysis

If you process untrusted YAML documents containing !!binary scalars with high-bit bytes, this flaw could allow attackers to read memory contents or trigger crashes. The decoded result might expose sensitive data from memory.

Mitigation Strategies

Immediately update YAML::Syck to version 1.47 or later using your package manager, such as 'cpan YAML::Syck' or 'cpanm YAML::Syck'. Avoid loading untrusted YAML documents containing !!binary scalars until the update is applied.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57075. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart