Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

CVE-2026-57076

Gravedad:
Pendiente de análisis
Tipo:
CWE-416 Utilización después de liberación
Fecha de publicación:
16/07/2026
Última modificación:
16/07/2026

Descripción

*** Pendiente de traducción *** YAML::Syck versions before 1.47 for Perl allow a heap use-after-free via an anchor name reused as an anchors-table key in syck_hdlr_add_anchor.<br /> <br /> In the bundled libsyck an anchor name allocated by syck_strndup is stored both as node-&gt;anchor, freed when the node is freed, and as the key in the parser&amp;#39;s anchors table. Freeing the node frees the shared key, and a later anchor redefinition makes st_delete compare against the freed key, so st_strcmp reads freed heap memory. Anchors are a standard YAML feature and need no special flags, so this is reached on the default Load path.<br /> <br /> Any caller that runs Load or LoadFile on an untrusted document that redefines an anchor reaches the read of freed memory.

Impacto