vulnerability
Amazon Linux 2023: CVE-2026-4177: Important priority package update for perl-YAML-Syck
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:N/C:P/I:P/A:P) | Mar 16, 2026 | Apr 7, 2026 | Apr 7, 2026 |
Severity
7
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
Mar 16, 2026
Added
Apr 7, 2026
Modified
Apr 7, 2026
Description
Multiple security issues have been discovered in the perl YAML::Syck module. A heap overflow occurs when class names exceed the initial 512-byte allocation, a base64 decoder could read past the buffer end on trailing newlines. strtok mutated n->type_id in place, corrupting shared node data, and a memory leak occurred in syck_hdlr_add_anchor when a node already had an anchor. The incoming anchor string 'a' was leaked on early return.
Solutions
amazon-linux-2023-upgrade-perl-yaml-syckamazon-linux-2023-upgrade-perl-yaml-syck-debuginfoamazon-linux-2023-upgrade-perl-yaml-syck-debugsourceamazon-linux-2023-upgrade-perl-yaml-syck-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.