{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4177", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-03-14T19:36:56.710Z", "datePublished": "2026-03-16T22:30:25.367Z", "dateUpdated": "2026-03-17T14:04:53.600Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "YAML-Syck", "product": "YAML::Syck", "programFiles": ["emitter.c", "handler.c", "perl_common.h", "perl_syck.h"], "programRoutines": [{"name": "YAML::Syck::yaml_syck_emitter_handler()"}, {"name": "YAML::Syck::syck_base64dec()"}, {"name": "YAML::Syck::yaml_syck_parser_handler()"}, {"name": "YAML::Syck::syck_hdlr_add_anchor()"}], "repo": "https://github.com/cpan-authors/YAML-Syck", "vendor": "TODDR", "versions": [{"lessThanOrEqual": "1.36", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Todd Rinaldo"}], "descriptions": [{"lang": "en", "value": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\n\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\n\nThe base64 decoder could read past the buffer end on trailing newlines.\n\nstrtok mutated n->type_id in place, corrupting shared node data.\n\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-16T22:30:25.367Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch"}, {"tags": ["release-notes"], "url": "https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21"}], "solutions": [{"lang": "en", "value": "Upgrade to version 1.37 or higher."}], "source": {"discovery": "UNKNOWN"}, "title": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter", "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/16/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T01:34:04.213Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T14:04:29.127464Z", "id": "CVE-2026-4177", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:04:53.600Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/16/6"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T01:34:04.213Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4177", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T14:04:29.127464Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T14:04:48.792Z"}}], "cna": {"title": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Todd Rinaldo"}], "affected": [{"repo": "https://github.com/cpan-authors/YAML-Syck", "vendor": "TODDR", "product": "YAML::Syck", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "1.36"}], "packageName": "YAML-Syck", "programFiles": ["emitter.c", "handler.c", "perl_common.h", "perl_syck.h"], "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "programRoutines": [{"name": "YAML::Syck::yaml_syck_emitter_handler()"}, {"name": "YAML::Syck::syck_base64dec()"}, {"name": "YAML::Syck::yaml_syck_parser_handler()"}, {"name": "YAML::Syck::syck_hdlr_add_anchor()"}]}], "solutions": [{"lang": "en", "value": "Upgrade to version 1.37 or higher."}], "references": [{"url": "https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch", "tags": ["patch"]}, {"url": "https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21", "tags": ["release-notes"]}], "x_generator": {"engine": "cpansec-cna-tool 0.1"}, "descriptions": [{"lang": "en", "value": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\n\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\n\nThe base64 decoder could read past the buffer end on trailing newlines.\n\nstrtok mutated n->type_id in place, corrupting shared node data.\n\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-16T22:30:25.367Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4177", "state": "PUBLISHED", "dateUpdated": "2026-03-17T14:04:53.600Z", "dateReserved": "2026-03-14T19:36:56.710Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2026-03-16T22:30:25.367Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:toddr:yaml\\:\\:syck:*:*:*:*:*:perl:*:*", "matchCriteriaId": "618F919B-87EA-4A0F-9798-D29206FA3022", "versionEndExcluding": "1.37", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter.\n\nThe heap overflow occurs when class names exceed the initial 512-byte allocation.\n\nThe base64 decoder could read past the buffer end on trailing newlines.\n\nstrtok mutated n->type_id in place, corrupting shared node data.\n\nA memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return."}, {"lang": "es", "value": "Las versiones de YAML::Syck hasta la 1.36 para Perl tienen varias vulnerabilidades de seguridad potenciales, incluyendo un desbordamiento de b\u00fafer de mont\u00edculo de alta gravedad en el emisor YAML.\n\nEl desbordamiento de mont\u00edculo ocurre cuando los nombres de clase exceden la asignaci\u00f3n inicial de 512 bytes.\n\nEl decodificador base64 podr\u00eda leer m\u00e1s all\u00e1 del final del b\u00fafer en saltos de l\u00ednea finales.\n\nstrtok mut\u00f3 n->type_id in situ, corrompiendo datos de nodo compartidos.\n\nSe produjo una fuga de memoria en syck_hdlr_add_anchor cuando un nodo ya ten\u00eda un ancla. La cadena de ancla entrante 'a' se filtr\u00f3 en el retorno anticipado."}], "id": "CVE-2026-4177", "lastModified": "2026-03-23T18:17:31.370", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-16T23:16:21.543", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Patch"], "url": "https://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Release Notes"], "url": "https://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/03/16/6"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{"bugzilla": {"description": "perl-YAML-Syck: YAML::Syck versions through 1.36 for Perl has several potential security vulnerabilities including a high-severity heap buffer overflow in the YAML emitter", "id": "2448277", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448277"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-120", "details": ["Multiple security issues have been discovered in the perl YAML::Syck module. A heap overflow occurs when class names exceed the initial 512-byte allocation, a base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data, and a memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2026-4177", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "perl-YAML-Syck", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "perl-YAML-Syck", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "perl-YAML-Syck", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2026-03-16T22:30:25Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-4177\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-4177\nhttps://github.com/cpan-authors/YAML-Syck/commit/e8844a31c8cf0052914b198fc784ed4e6b8ae69e.patch\nhttps://metacpan.org/release/TODDR/YAML-Syck-1.37_01/changes#L21"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,1.36]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "YAML::Syck", "source": "cna", "vendor": "TODDR"}, "product": "yaml::syck", "vendor": "toddr"}], "analysis": {"en": {"generated_at": "2026-03-23T20:30:37.003610+00:00", "value": {"mitigation_remediation": ["Upgrade Perl module YAML::Syck to version 1.37 or newer", "Confirm that Perl applications now load the updated module version", "Restart affected services to ensure the updated module is in use"], "summary": {"action": "Patch Immediately", "impact": "Heap Buffer Overflow"}, "threat_synthesis": {"affected_systems": "The affected component is the Perl module YAML::Syck, distributed by the TODDR vendor. Any Perl application that loads this module\u2014whether a web service, a command\u2011line tool, or any process that parses YAML files\u2014is at risk. The problem exists in all releases through version 1.36. Upgrading to version 1.37 or later removes the known defects, because the vendor has fixed the allocation and bounds checks that were responsible for the overflow.", "description_and_impact": "YAML::Syck versions up to 1.36 for Perl contain a notably severe heap buffer overflow in the YAML emitter that is triggered when class names exceed a 512\u2011byte allocation. The overflow can corrupt adjacent memory blocks and potentially lead to unintended code execution or program termination. Additional weaknesses include a base64 decoder overread on trailing newlines, a mutating token that corrupts shared node data, and a memory leak when adding anchors. These vulnerabilities are consistent with the CWE\u2011120 and CWE\u2011122 categories, which describe heap-based buffer overflows and incorrect bounds checking.", "risk_and_exploitability": "The CVSS score of 9.1 indicates high severity, but the EPSS score is reported as less than 1%, which suggests that active exploitation is currently rare and the vulnerability is not listed in the CISA KEV catalog. The exact attack vector is not explicitly detailed in the advisory; based on the description it is inferred that an attacker would need to supply malformed or malicious YAML input to the vulnerable module, such as via network traffic, file uploads, or other data feeds that are parsed by the application. Because the vulnerability requires untrusted YAML data, the risk is mitigated if an application validates or sanitizes input, but if such controls are absent the potential for arbitrary code execution remains high. Overall, the combination of high impact and the possibility of remote exploitation makes patching a priority."}}}}, "created": "2026-03-17T09:52:05.312033+00:00", "updated": "2026-03-24T10:49:44.636967+00:00", "vendors": ["toddr", "toddr$PRODUCT$yaml::syck"]}