CVE-2026-5089: CWE-124 Buffer Underwrite ('Buffer Underflow') in TODDR YAML::Syck
CVE-2026-5089 is a buffer underwrite (buffer underflow) vulnerability in YAML::Syck versions before 1. 38 for Perl. The flaw exists in the base60 parsing code within perl_syck. h, where pointer arithmetic can cause a pointer to decrement before the start of the string buffer during parsing of colon-separated values. This results in an out-of-bounds read of memory preceding the allocated buffer.
AI Analysis
Technical Summary
YAML::Syck versions prior to 1.38 for Perl contain a buffer underwrite vulnerability (CWE-124) in the base60 (sexagesimal) parsing functions int#base60 and float#base60 within perl_syck.h. Specifically, when parsing the leftmost segment of a colon-separated time value, an inner loop decrements a pointer until it reaches before the start of the buffer if no colon is found. This leads to dereferencing memory one byte before the allocated buffer, causing an out-of-bounds read. This vulnerability could potentially lead to undefined behavior or memory disclosure depending on usage context.
Potential Impact
The vulnerability causes an out-of-bounds read of memory preceding the allocated buffer during YAML parsing. While no direct exploit in the wild is known, such memory access errors can lead to application crashes or potentially expose sensitive memory contents. No CVSS score is assigned, and no vendor advisory or patch information is currently available.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider avoiding processing untrusted YAML data with vulnerable versions of YAML::Syck. Monitor official TODDR or YAML::Syck project channels for updates or patches addressing this issue.
CVE-2026-5089: CWE-124 Buffer Underwrite ('Buffer Underflow') in TODDR YAML::Syck
Description
CVE-2026-5089 is a buffer underwrite (buffer underflow) vulnerability in YAML::Syck versions before 1. 38 for Perl. The flaw exists in the base60 parsing code within perl_syck. h, where pointer arithmetic can cause a pointer to decrement before the start of the string buffer during parsing of colon-separated values. This results in an out-of-bounds read of memory preceding the allocated buffer.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
YAML::Syck versions prior to 1.38 for Perl contain a buffer underwrite vulnerability (CWE-124) in the base60 (sexagesimal) parsing functions int#base60 and float#base60 within perl_syck.h. Specifically, when parsing the leftmost segment of a colon-separated time value, an inner loop decrements a pointer until it reaches before the start of the buffer if no colon is found. This leads to dereferencing memory one byte before the allocated buffer, causing an out-of-bounds read. This vulnerability could potentially lead to undefined behavior or memory disclosure depending on usage context.
Potential Impact
The vulnerability causes an out-of-bounds read of memory preceding the allocated buffer during YAML parsing. While no direct exploit in the wild is known, such memory access errors can lead to application crashes or potentially expose sensitive memory contents. No CVSS score is assigned, and no vendor advisory or patch information is currently available.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, users should consider avoiding processing untrusted YAML data with vulnerable versions of YAML::Syck. Monitor official TODDR or YAML::Syck project channels for updates or patches addressing this issue.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CPANSec
- Date Reserved
- 2026-03-28T19:33:37.653Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a03d8cfcbff5d86103ec249
Added to database: 5/13/2026, 1:50:07 AM
Last enriched: 5/13/2026, 1:56:11 AM
Last updated: 5/13/2026, 4:37:25 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.