{"id":"CVE-2025-11683","details":"YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and potential information disclosure\n\nMissing null terminators in token.c leads to but-of-bounds read which allows adjacent variable to be read\n\nThe issue is seen with complex YAML files with a hash of all keys and empty values.  There is no indication that the issue leads to accessing memory outside that allocated to the module.","modified":"2026-05-22T18:29:30.135352512Z","published":"2025-10-16T01:15:32.890Z","related":["openSUSE-SU-2026:10746-1","openSUSE-SU-2026:20771-1"],"references":[{"type":"ADVISORY","url":"https://metacpan.org/dist/YAML-Syck/changes"},{"type":"REPORT","url":"https://github.com/cpan-authors/YAML-Syck/pull/65"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cpan-authors/YAML-Syck","events":[{"introduced":"0"},{"fixed":"5240a54e6afb0bdabbaf11714475dd9b3d8f16fa"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.36"}]}}],"versions":["0.01","0.02","0.03","0.04","0.05","0.06","0.07","0.08","0.09","0.10","0.11","0.12","0.13","0.14","0.15","0.16","0.17","0.18","0.19","0.20","0.21","0.22","0.23","0.24","0.25","0.26","0.27","0.28","0.29","0.30","0.31","0.32","0.33","0.34","0.35","0.36","0.37","0.38","0.40","0.41","0.42","0.43","0.44","0.45","0.46_01","0.60","0.61","0.62","0.63","0.64","0.65","0.66","0.67","0.70","0.71","0.72","0.80","0.81","0.82","0.84","0.85","0.86","0.87","0.88","0.90","0.91","0.94","0.95","0.96","0.97","0.98","0.99","1.00","1.01","1.02","1.03","1.04","1.05","1.07","1.07_01","1.08","1.08_01","1.09","1.10","1.10_01","1.10_02","1.10_03","1.10_04","1.10_05","1.10_06","1.10_07","1.11","1.12","1.13","1.14","1.15","1.20","1.21_01","1.22","1.23","1.24_01","1.24_02","1.26","1.27","1.28","1.28_01","1.29_01","1.30","1.30_01","1.31","1.32","1.33","1.34","1.35","v1.28","v1.28_01","v1.29_01","v1.30","v1.30_01","v1.31","v1.32","v1.33","v1.34","v1.35"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-11683.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}