漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
YAML::Syck versions before 1.36 for Perl has missing Null-Terminators which causes Out-of-Bounds Read and potential Information Disclosure
Vulnerability Description
YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure Missing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read The issue is seen with complex YAML files with a hash of all keys and empty values. There is no indication that the issue leads to accessing memory outside that allocated to the module.
CVSS Information
N/A
Vulnerability Type
内存缓冲区边界内操作的限制不恰当
Vulnerability Title
YAML::Syck 安全漏洞
Vulnerability Description
YAML::Syck是CPAN Authors开源的一个Perl库。 YAML::Syck 1.36之前版本存在安全漏洞,该漏洞源于token.c中缺少空终止符,可能导致越界读取和信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A