vulnerability
Amazon Linux 2023: CVE-2025-11683: Important priority package update for perl-YAML-Syck
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:A/AC:L/Au:N/C:C/I:N/A:N) | Oct 16, 2025 | Oct 28, 2025 | Oct 28, 2025 |
Severity
6
CVSS
(AV:A/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 16, 2025
Added
Oct 28, 2025
Modified
Oct 28, 2025
Description
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure
Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read
The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read
The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
Solutions
amazon-linux-2023-upgrade-perl-yaml-syckamazon-linux-2023-upgrade-perl-yaml-syck-debuginfoamazon-linux-2023-upgrade-perl-yaml-syck-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.