Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len
Vulnerability Description
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len. In the bundled libsyck newline_len and is_newline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar lexing at a document boundary the scan runs one byte past the heap lexer buffer. This is an incomplete fix of CVE-2025-11683, on a lexer path the earlier fix did not cover. Any caller that runs Load or LoadFile on an untrusted document with a block scalar at a document boundary reaches the over-read.
CVSS Information
N/A
Vulnerability Type
跨界内存读
Vulnerability Title
toddr YAML::Syck 缓冲区错误漏洞
Vulnerability Description
toddr YAML::Syck是toddr个人开发者的Perl语言模块,用于解析和生成YAML格式数据。 toddr YAML::Syck 1.47之前版本存在缓冲区错误漏洞,该漏洞源于在newline_len函数中未对换行符扫描进行边界检查,导致越界读取。
CVSS Information
N/A
Vulnerability Type
N/A