Buffer overflow in Toddr Yaml::syck
CVE-2025-11683
YAML::Syck versions before 1.36 for Perl have missing null terminators, which cause an out-of-bounds read and potential information disclosure. Missing null terminators in token.c lead to an out-of-bounds read which allows adjacent variable to b…
Vulnerability class: Buffer Overflow
EPSS: 0.000 (6.5th percentile)
Affected products
- Toddr Yaml::syck — versions 0
Weakness classification (CWE)
References
- github.com/cpan-authors/YAML-Syck/pull/65 (patch)
- metacpan.org/dist/YAML-Syck/changes (release-notes)