Описание
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needed | |
| esm-apps/bionic | released | 1.29-1ubuntu0.18.04.1~esm1 |
| esm-apps/focal | released | 1.31-1ubuntu0.1~esm1 |
| esm-apps/jammy | released | 1.34-1ubuntu0.1~esm1 |
| esm-apps/noble | released | 1.34-2ubuntu0.24.04.1~esm1 |
| esm-apps/xenial | released | 1.29-1ubuntu0.16.04.1~esm1 |
| jammy | needed | |
| noble | needed | |
| plucky | released | 1.34-2ubuntu0.25.04.1 |
| questing | released | 1.34-3ubuntu0.1 |
Показывать по
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
YAML::Syck versions before 1.36 for Perl has missing null-terminators ...
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
EPSS
6.5 Medium
CVSS3