Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <allVDzsGr7PkCKl2@pjcj.com>
Date: Fri, 17 Jul 2026 00:03:58 +0200
From: Paul Johnson <paul@...j.net>
To: cve-announce@...urity.metacpan.org, oss-security@...ts.openwall.com
Subject: CVE-2026-57075: YAML::Syck versions before 1.47 for Perl allow an
 out-of-bounds read via a signed-char lookup-table index in syck_base64dec

========================================================================
CVE-2026-57075                                       CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-57075
  Distribution:  YAML-Syck
      Versions:  before 1.47

      MetaCPAN:  https://metacpan.org/dist/YAML-Syck
      VCS Repo:  https://github.com/toddr/YAML-Syck


YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read
via a signed-char lookup-table index in syck_base64dec

Description
-----------
YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read
via a signed-char lookup-table index in syck_base64dec.

The base64 decoder in the bundled libsyck indexes the 256-entry static
table b64_xtable with a signed char, so any !!binary byte >= 0x80
sign-extends to a negative index and reads before the table. The
decoder receives the raw bytes of any !!binary node, a standard YAML
type not gated by $LoadBlessed or $LoadCode, so it is reached on the
default Load path.

Any caller that runs Load or LoadFile on an untrusted document
containing a !!binary scalar with a high-bit byte triggers the read,
and the value read can surface in the decoded result.

Problem types
-------------
- CWE-125 Out-of-bounds Read

Solutions
---------
Upgrade to YAML-Syck 1.47 or later.


References
----------
https://metacpan.org/release/TODDR/YAML-Syck-1.47/changes
https://github.com/toddr/YAML-Syck/commit/44c90a109ec3215ee7ce747bd11209835e123d8b.patch

-- 
Paul Johnson - paul@...j.net

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.