CVE-2026-57076
Gravedad:
Pendiente de análisis
Tipo:
CWE-416
Utilización después de liberación
Fecha de publicación:
16/07/2026
Última modificación:
16/07/2026
Descripción
*** Pendiente de traducción *** YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor.<br />
<br />
In the bundled libsyck an anchor name allocated by syck_strndup is stored both as node->anchor, freed when the node is freed, and as the key in the parser&#39;s anchors table. Freeing the node frees the shared key, and a later anchor redefinition makes st_delete compare against the freed key, so st_strcmp reads freed heap memory. Anchors are a standard YAML feature and need no special flags, so this is reached on the default Load path.<br />
<br />
Any caller that runs Load or LoadFile on an untrusted document that redefines an anchor reaches the read of freed memory.



