Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-57077— YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len

AI Predicted 7.5 Difficulty: Easy EPSS 0.15% · P4

Possible ATT&CK Techniques 1AI

T1203 · Exploitation for Client Execution

Affected Version Matrix 1

VendorProductVersion RangeStatus
TODDRYAML::Syck< 1.47affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-57077

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len
Source: NVD (National Vulnerability Database)
Vulnerability Description
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len. In the bundled libsyck newline_len and is_newline dereference the scan pointer, and the following byte for a "\r\n" pair, with no NUL-terminator or bounds check. During block-scalar lexing at a document boundary the scan runs one byte past the heap lexer buffer. This is an incomplete fix of CVE-2025-11683, on a lexer path the earlier fix did not cover. Any caller that runs Load or LoadFile on an untrusted document with a block scalar at a document boundary reaches the over-read.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨界内存读
Source: NVD (National Vulnerability Database)
Vulnerability Title
toddr YAML::Syck 缓冲区错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
toddr YAML::Syck是toddr个人开发者的Perl语言模块,用于解析和生成YAML格式数据。 toddr YAML::Syck 1.47之前版本存在缓冲区错误漏洞,该漏洞源于在newline_len函数中未对换行符扫描进行边界检查,导致越界读取。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
TODDRYAML::Syck 0 ~ 1.47 -

II. Public POCs for CVE-2026-57077

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-57077

登录查看更多情报信息。

Patches & Fixes for CVE-2026-57077 (1)

Other References for CVE-2026-57077 (1)

Same Patch Batch · TODDR · 2026-07-16 · 4 CVEs total

CVE-2026-13713YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anc
CVE-2026-57075YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char loo
CVE-2026-57076YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name re

IV. Related Vulnerabilities

V. Comments for CVE-2026-57077

No comments yet


Leave a comment