Perl
By the Year
In 2025 there have been 0 vulnerabilities in Perl. Last year, in 2024, Perl had 1 security vulnerability published. Right now, Perl is on track to have fewer security vulnerabilities in 2025 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
2025 | 0 | 0.00 |
2024 | 1 | 7.80 |
2023 | 5 | 8.72 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 3 | 8.10 |
2019 | 0 | 0.00 |
2018 | 8 | 9.14 |
It may take a day or so for new Perl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Perl Security Vulnerabilities
A vulnerability was found in Perl
CVE-2023-47039
7.8 - High
- January 02, 2024
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
Memory Corruption
A vulnerability was found in perl 5.30.0 through 5.38.0
CVE-2023-47038
7.8 - High
- December 18, 2023
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Memory Corruption
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{
CVE-2023-47100
9.8 - Critical
- December 02, 2023
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Improper Handling of Exceptional Conditions
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash
CVE-2022-48522
9.8 - Critical
- August 22, 2023
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Memory Corruption
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
CVE-2023-31484
8.1 - High
- April 29, 2023
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Improper Certificate Validation
HTTP::Tiny before 0.083
CVE-2023-31486
8.1 - High
- April 29, 2023
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Improper Certificate Validation
regcomp.c in Perl before 5.30.3
CVE-2020-12723
7.5 - High
- June 05, 2020
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Classic Buffer Overflow
Perl before 5.30.3 on 32-bit platforms
CVE-2020-10543
8.2 - High
- June 05, 2020
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Memory Corruption
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation
CVE-2020-10878
8.6 - High
- June 05, 2020
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Integer Overflow or Wraparound
Perl before 5.26.3 has a buffer overflow via a crafted regular expression
CVE-2018-18314
9.8 - Critical
- December 07, 2018
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Buffer Overflow
Perl before 5.26.3 has a buffer over-read via a crafted regular expression
CVE-2018-18313
9.1 - Critical
- December 07, 2018
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Out-of-bounds Read
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression
CVE-2018-18311
9.8 - Critical
- December 07, 2018
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Memory Corruption
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression
CVE-2018-18312
9.8 - Critical
- December 05, 2018
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Buffer Overflow
In Perl through 5.26.2, the Archive::Tar module
CVE-2018-12015
7.5 - High
- June 07, 2018
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Insecure Temporary File
Heap-based buffer overflow in the pack function in Perl before 5.26.2
CVE-2018-6913
9.8 - Critical
- April 17, 2018
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Memory Corruption
An issue was discovered in Perl 5.22 through 5.26
CVE-2018-6798
7.5 - High
- April 17, 2018
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Out-of-bounds Read
An issue was discovered in Perl 5.18 through 5.26
CVE-2018-6797
9.8 - Critical
- April 17, 2018
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Memory Corruption
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1
CVE-2017-12883
9.1 - Critical
- September 19, 2017
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Buffer Overflow
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1
CVE-2017-12837
7.5 - High
- September 19, 2017
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Buffer Overflow
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22
CVE-2015-8608
9.8 - Critical
- February 07, 2017
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Out-of-bounds Read
(1) cpan/Archive-Tar/bin/ptar
CVE-2016-1238
7.8 - High
- August 02, 2016
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
Permissions, Privileges, and Access Controls
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might
CVE-2016-6185
7.8 - High
- August 02, 2016
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process
CVE-2016-2381
7.5 - High
- April 08, 2016
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Improper Input Validation
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might
CVE-2011-2939
- January 13, 2012
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
Numeric Errors
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which
CVE-1999-1386
5.5 - Medium
- December 31, 1999
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
Insecure Temporary File