Fedora 42 and 43 perl-YAML-Syck Buffer Overflow Vulnerabilities

Severity: High (Score: 70.5)

Sources: Linuxsecurity

Summary

Fedora versions 42 and 43 are affected by high-severity vulnerabilities in the perl-YAML-Syck module, specifically versions up to and including 1.36. These vulnerabilities include a heap buffer overflow in the YAML emitter, which can occur when class names exceed the initial 512-byte allocation. Additionally, the base64 decoder may read past the end of the buffer on trailing newlines, and a memory leak can occur in the syck_hdlr_add_anchor function. The vulnerabilities could lead to data corruption and potential exploitation. CVE-2026-4177, published on March 16, 2026, details these issues. Users are advised to update to version 1.39 or later to mitigate these risks. The updates include various bug fixes and improvements to enhance security and functionality.

Key Points

  • Fedora 42 and 43 are vulnerable to high-severity buffer overflow issues in perl-YAML-Syck.
  • CVE-2026-4177 details the vulnerabilities, including heap overflow and memory leaks.
  • Users should update to version 1.39 or later to address these vulnerabilities.

Key Entities

  • CVE-2026-4177 (cve)
  • Fedora (company)
  • Libsyck (platform)
  • YAML (platform)
  • Perl (tool)