CVE-2026-13713 in YAML::Syck情報

要約

〜によって MITRE • 2026年07月17日

YAML::Syck versions before 1.47 for Perl allow a use-after-free and double-free via an anchor node freed while still on the parser value stack.

In the bundled libsyck, when an anchor name is redefined or removed, syck_hdlr_add_anchor and syck_hdlr_remove_anchor free the node stored under that name with syck_free_node. That node can still be live on the parser's value stack, so syck_hdlr_add_node reaches it again and frees it a second time. On a normal build the 48-byte node chunk is freed twice and the interpreter aborts. Anchors need no special flags, so this is reached on the default Load path, and a 7-byte document that redefines an anchor triggers it.

Any caller that runs Load or LoadFile on an untrusted document that redefines an anchor mid-parse crashes the interpreter, a denial of service.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

責任者

CPANSec

予約する

2026年06月29日

モデレーション

承諾済み

エントリ

VDB-379664

EPSS

0.00000

アクティビティ

非常低い

ソース

Do you want to use VulDB in your project?

Use the official API to access entries easily!