CVE-2026-57075 PUBLISHED

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec

Assigner: CPANSec
Reserved: 23.06.2026 Published: 16.07.2026 Updated: 17.07.2026

YAML::Syck versions before 1.47 for Perl allow an out-of-bounds read via a signed-char lookup-table index in syck_base64dec.

The base64 decoder in the bundled libsyck indexes the 256-entry static table b64_xtable with a signed char, so any !!binary byte >= 0x80 sign-extends to a negative index and reads before the table. The decoder receives the raw bytes of any !!binary node, a standard YAML type not gated by $LoadBlessed or $LoadCode, so it is reached on the default Load path.

Any caller that runs Load or LoadFile on an untrusted document containing a !!binary scalar with a high-bit byte triggers the read, and the value read can surface in the decoded result.

Product Status

Vendor TODDR
Product YAML::Syck
Versions Default: unaffected
  • affected from 0 to 1.47 (excl.)

Solutions

Upgrade to YAML-Syck 1.47 or later.

References

Problem Types

  • CWE-125 Out-of-bounds Read CWE