<Vulnerability name="CVE-2026-5089">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-05-12T16:14:21</PublicDate>
    <Bugzilla id="2476554" url="https://bugzilla.redhat.com/show_bug.cgi?id=2476554" xml:lang="en:us">
perl-YAML-Syck: perl-YAML-Syck: Information disclosure via out-of-bounds read in base60 parsing
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>4.0</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-125</CWE>
    <Details xml:lang="en:us" source="Mitre">
YAML::Syck versions before 1.38 for Perl have an out-of-bounds read.

The base60 (sexagesimal) parsing code in perl_syck.h has a buffer underflow bug in both int#base60 and float#base60 handlers. When processing the leftmost segment of a colon-separated value (e.g., the 1 in 1:30:45), the inner while loop can decrement a pointer past the start of the string buffer:

    while ( colon &gt;= ptr &amp;&amp; *colon != ':' )
    {
        colon--;
    }
    if ( *colon == ':' ) *colon = '\0';  // colon may be ptr-1 here

When no colon is found (final/leftmost segment), colon becomes ptr-1, and the subsequent *colon dereference reads one byte before the allocated buffer.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in perl-YAML-Syck. The base60 (sexagesimal) parsing code in perl_syck.h contains a buffer underflow vulnerability. When processing specially crafted colon-separated values, an attacker could cause the parser to read one byte before the allocated buffer. This out-of-bounds read may lead to information disclosure.
    </Details>
    <Mitigation xml:lang="en:us">
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
    </Mitigation>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:6">
        <ProductName>Red Hat Enterprise Linux 6</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-YAML-Syck</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/o:redhat:enterprise_linux:8">
        <ProductName>Red Hat Enterprise Linux 8</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>perl-YAML-Syck</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-5089
https://nvd.nist.gov/vuln/detail/CVE-2026-5089
https://github.com/cpan-authors/YAML-Syck/commit/208a4d3bd1b5cdb4a791a6e3905bd6bd45e9d005.patch
https://github.com/cpan-authors/YAML-Syck/issues/132
https://github.com/cpan-authors/YAML-Syck/pull/133
https://metacpan.org/release/TODDR/YAML-Syck-1.38/changes
    </References>
</Vulnerability>