CVE-2026-57077
Received Received - Intake

Out-of-Bounds Read in YAML::Syck Perl Module

Vulnerability report for CVE-2026-57077, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-16

Last updated on: 2026-07-16

Assigner: CPANSec

Description

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len. In the bundled libsyck newline_len and is_newline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar lexing at a document boundary the scan runs one byte past the heap lexer buffer. This is an incomplete fix of CVE-2025-11683, on a lexer path the earlier fix did not cover. Any caller that runs Load or LoadFile on an untrusted document with a block scalar at a document boundary reaches the over-read.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-16
Last Modified
2026-07-16
Generated
2026-07-17
AI Q&A
2026-07-17
EPSS Evaluated
N/A
NVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
yaml syck to 1.47 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-125 The product reads data past the end, or before the beginning, of the intended buffer.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability is an out-of-bounds read issue in YAML::Syck versions before 1.47 for Perl. It occurs during newline scanning in block-scalar lexing at a document boundary. The newline_len and is_newline functions dereference a scan pointer without proper bounds checking, potentially reading one byte past the allocated heap buffer. This flaw allows attackers to access memory outside the intended range when processing untrusted YAML documents.

Detection Guidance

Detection requires checking the installed version of YAML::Syck. Use Perl commands like 'perl -MYAML::Syck -e "print $YAML::Syck::VERSION"' to verify if the version is below 1.47.

Impact Analysis

If you use YAML::Syck to process untrusted YAML files containing block scalars at document boundaries, this vulnerability could allow an attacker to read sensitive memory contents. This might lead to information disclosure, crashes, or potentially enable further exploitation depending on the application context.

Mitigation Strategies

Upgrade YAML::Syck to version 1.47 or later. Use package managers like cpan or cpanm to update the module: 'cpan YAML::Syck' or 'cpanm YAML::Syck'.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-57077. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart