Perl
By the Year
In 2023 there have been 0 vulnerabilities in Perl. Perl did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 8.10 |
| 2019 | 0 | 0.00 |
| 2018 | 8 | 9.14 |
It may take a day or so for new Perl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Perl Security Vulnerabilities
regcomp.c in Perl before 5.30.3
CVE-2020-12723
7.5 - High
- June 05, 2020
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Classic Buffer Overflow
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation
CVE-2020-10878
8.6 - High
- June 05, 2020
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Integer Overflow or Wraparound
Perl before 5.30.3 on 32-bit platforms
CVE-2020-10543
8.2 - High
- June 05, 2020
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Memory Corruption
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression
CVE-2018-18311
9.8 - Critical
- December 07, 2018
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Memory Corruption
Perl before 5.26.3 has a buffer over-read via a crafted regular expression
CVE-2018-18313
9.1 - Critical
- December 07, 2018
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Out-of-bounds Read
Perl before 5.26.3 has a buffer overflow via a crafted regular expression
CVE-2018-18314
9.8 - Critical
- December 07, 2018
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Buffer Overflow
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression
CVE-2018-18312
9.8 - Critical
- December 05, 2018
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Buffer Overflow
In Perl through 5.26.2, the Archive::Tar module
CVE-2018-12015
7.5 - High
- June 07, 2018
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Insecure Temporary File
An issue was discovered in Perl 5.18 through 5.26
CVE-2018-6797
9.8 - Critical
- April 17, 2018
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Memory Corruption
An issue was discovered in Perl 5.22 through 5.26
CVE-2018-6798
7.5 - High
- April 17, 2018
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale-dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Out-of-bounds Read
Heap-based buffer overflow in the pack function in Perl before 5.26.2
CVE-2018-6913
9.8 - Critical
- April 17, 2018
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Memory Corruption
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1
CVE-2017-12837
7.5 - High
- September 19, 2017
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Buffer Overflow
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1
CVE-2017-12883
9.1 - Critical
- September 19, 2017
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Buffer Overflow
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22
CVE-2015-8608
9.8 - Critical
- February 07, 2017
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Out-of-bounds Read
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might
CVE-2016-6185
7.8 - High
- August 02, 2016
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process
CVE-2016-2381
7.5 - High
- April 08, 2016
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Improper Input Validation