Search CVE reports
1 – 10 of 16 results
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via an unbounded newline scan in newline_len. In the bundled libsyck newline_len and is_newline dereference the scan pointer, and the following byte for a "\r\n"...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor. In the bundled libsyck an anchor name allocated by syck_strndup is stored both as...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec. The base64 decoder in the bundled libsyck indexes the 256-entry static table b64_xtable with a signed...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack. In the bundled libsyck, when an anchor name is redefined or...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
YAML::Syck versions before 1.38 for Perl has an out-of-bounds read. The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Some fixes available 7 of 8
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent...
1 affected package
libyaml-syck-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-syck-perl | Vulnerable | Fixed | Fixed | Fixed | Fixed |
Some fixes available 2 of 6
YAML-LibYAML prior to 0.903.0 for Perl uses 2-args open, allowing existing files to be modified
1 affected package
libyaml-libyaml-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| libyaml-libyaml-perl | Not affected | Fixed | Fixed | Needs evaluation | Needs evaluation |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | — | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | — | Not affected | Not affected | Not affected | Not affected |
| libyaml | — | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | — | Not affected | Not affected | Not affected | Not affected |
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
4 affected packages
golang-goyaml, golang-yaml.v2, libyaml, libyaml-libyaml-perl
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| golang-goyaml | — | Not in release | Not in release | Not in release | — |
| golang-yaml.v2 | — | Not affected | Not affected | Not affected | Not affected |
| libyaml | — | Not affected | Not affected | Not affected | Not affected |
| libyaml-libyaml-perl | — | Not affected | Not affected | Not affected | Not affected |