CVE-2026-4177 (GCVE-0-2026-4177)

Vulnerability from cvelistv5 – Published: 2026-03-16 22:30 – Updated: 2026-03-17 14:04
VLAI?
Title
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter
Summary
YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter. The heap overflow occurs when class names exceed the initial 512-byte allocation. The base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data. A memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
Severity ?
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
References
Impacted products
Vendor Product Version
TODDR YAML::Syck Affected: 0 , ≤ 1.36 (custom)
Create a notification for this product.
Credits
Todd Rinaldo
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-03-17T01:34:04.213Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/03/16/6"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-4177",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-17T14:04:29.127464Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-17T14:04:53.600Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "YAML-Syck",
          "product": "YAML::Syck",
          "programFiles": [
            "emitter.c",
            "handler.c",
            "perl_common.h",
            "perl_syck.h"
          ],
          "programRoutines": [
            {
              "name": "YAML::Syck::yaml_syck_emitter_handler()"
            },
            {
              "name": "YAML::Syck::syck_base64dec()"
            },
            {
              "name": "YAML::Syck::yaml_syck_parser_handler()"
            },
            {
              "name": "YAML::Syck::syck_hdlr_add_anchor()"
            }
          ],
          "repo": "https://github.com/cpan-authors/YAML-Syck",
          "vendor": "TODDR",
          "versions": [
            {
              "lessThanOrEqual": "1.36",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Todd Rinaldo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\n\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\n\nThe base64 decoder could read past the buffer end on trailing newlines.\n\nstrtok mutated n-\u003etype_id in place, corrupting shared node data.\n\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string \u0027a\u0027 was leaked on early return."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-16T22:30:25.367Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to version 1.37 or higher."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-4177",
    "datePublished": "2026-03-16T22:30:25.367Z",
    "dateReserved": "2026-03-14T19:36:56.710Z",
    "dateUpdated": "2026-03-17T14:04:53.600Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-4177\",\"sourceIdentifier\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"published\":\"2026-03-16T23:16:21.543\",\"lastModified\":\"2026-03-23T18:17:31.370\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\\n\\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\\n\\nThe base64 decoder could read past the buffer end on trailing newlines.\\n\\nstrtok mutated n-\u003etype_id in place, corrupting shared node data.\\n\\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string \u0027a\u0027 was leaked on early return.\"},{\"lang\":\"es\",\"value\":\"Las versiones de YAML::Syck hasta la 1.36 para Perl tienen varias vulnerabilidades de seguridad potenciales, incluyendo un desbordamiento de b\u00fafer de mont\u00edculo de alta gravedad en el emisor YAML.\\n\\nEl desbordamiento de mont\u00edculo ocurre cuando los nombres de clase exceden la asignaci\u00f3n inicial de 512 bytes.\\n\\nEl decodificador base64 podr\u00eda leer m\u00e1s all\u00e1 del final del b\u00fafer en saltos de l\u00ednea finales.\\n\\nstrtok mut\u00f3 n-\u0026gt;type_id in situ, corrompiendo datos de nodo compartidos.\\n\\nSe produjo una fuga de memoria en syck_hdlr_add_anchor cuando un nodo ya ten\u00eda un ancla. La cadena de ancla entrante \u0027a\u0027 se filtr\u00f3 en el retorno anticipado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toddr:yaml\\\\:\\\\:syck:*:*:*:*:*:perl:*:*\",\"versionEndExcluding\":\"1.37\",\"matchCriteriaId\":\"618F919B-87EA-4A0F-9798-D29206FA3022\"}]}]}],\"references\":[{\"url\":\"https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"tags\":[\"Patch\"]},{\"url\":\"https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"tags\":[\"Release Notes\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/03/16/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/03/16/6\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-03-17T01:34:04.213Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2026-4177\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-17T14:04:29.127464Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-17T14:04:48.792Z\"}}], \"cna\": {\"title\": \"YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Todd Rinaldo\"}], \"affected\": [{\"repo\": \"https://github.com/cpan-authors/YAML-Syck\", \"vendor\": \"TODDR\", \"product\": \"YAML::Syck\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"1.36\"}], \"packageName\": \"YAML-Syck\", \"programFiles\": [\"emitter.c\", \"handler.c\", \"perl_common.h\", \"perl_syck.h\"], \"collectionURL\": \"https://cpan.org/modules\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"YAML::Syck::yaml_syck_emitter_handler()\"}, {\"name\": \"YAML::Syck::syck_base64dec()\"}, {\"name\": \"YAML::Syck::yaml_syck_parser_handler()\"}, {\"name\": \"YAML::Syck::syck_hdlr_add_anchor()\"}]}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Upgrade to version 1.37 or higher.\"}], \"references\": [{\"url\": \"https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch\", \"tags\": [\"patch\"]}, {\"url\": \"https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21\", \"tags\": [\"release-notes\"]}], \"x_generator\": {\"engine\": \"cpansec-cna-tool 0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\\n\\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\\n\\nThe base64 decoder could read past the buffer end on trailing newlines.\\n\\nstrtok mutated n-\u003etype_id in place, corrupting shared node data.\\n\\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string \u0027a\u0027 was leaked on early return.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"shortName\": \"CPANSec\", \"dateUpdated\": \"2026-03-16T22:30:25.367Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2026-4177\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-03-17T14:04:53.600Z\", \"dateReserved\": \"2026-03-14T19:36:56.710Z\", \"assignerOrgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"datePublished\": \"2026-03-16T22:30:25.367Z\", \"assignerShortName\": \"CPANSec\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.