vulnerability

Debian: CVE-2025-11683: libyaml-syck-perl -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
6	(AV:A/AC:L/Au:N/C:C/I:N/A:N)	Jan 12, 2026	Jan 12, 2026	Jan 13, 2026

Severity

CVSS

(AV:A/AC:L/Au:N/C:C/I:N/A:N)

Published

Jan 12, 2026

Added

Jan 12, 2026

Modified

Jan 13, 2026

Description

YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.

Solution

debian-upgrade-libyaml-syck-perl

References

CVE-2025-11683
https://attackerkb.com/topics/CVE-2025-11683
CWE-119

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today