Perl

By the Year

In 2022 there have been 0 vulnerabilities in Perl. Perl did not have any published security vulnerabilities last year.

| Year | Vulnerabilities | Average Score |
|------|-----------------|---------------|
| 2022 | 0               | 0.00          |
| 2021 | 0               | 0.00          |
| 2020 | 3               | 8.10          |
| 2019 | 0               | 0.00          |
| 2018 | 8               | 9.14          |

It may take a day or so for new Perl vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Perl Security Vulnerabilities

regcomp.c in Perl before 5.30.3

CVE-2020-12723 7.5 - High - June 05, 2020

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

Classic Buffer Overflow

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation

CVE-2020-10878 8.6 - High - June 05, 2020

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

Integer Overflow or Wraparound

Perl before 5.30.3 on 32-bit platforms

CVE-2020-10543 8.2 - High - June 05, 2020

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

Memory Corruption

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression

CVE-2018-18311 9.8 - Critical - December 07, 2018

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Memory Corruption

Perl before 5.26.3 has a buffer over-read via a crafted regular expression

CVE-2018-18313 9.1 - Critical - December 07, 2018

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Out-of-bounds Read

Perl before 5.26.3 has a buffer overflow via a crafted regular expression

CVE-2018-18314 9.8 - Critical - December 07, 2018

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Buffer Overflow

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression

CVE-2018-18312 9.8 - Critical - December 05, 2018

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Buffer Overflow

In Perl through 5.26.2, the Archive::Tar module

CVE-2018-12015 7.5 - High - June 07, 2018

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

insecure temporary file

An issue was discovered in Perl 5.18 through 5.26

CVE-2018-6797 9.8 - Critical - April 17, 2018

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

Memory Corruption

An issue was discovered in Perl 5.22 through 5.26

CVE-2018-6798 7.5 - High - April 17, 2018

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

Out-of-bounds Read

Heap-based buffer overflow in the pack function in Perl before 5.26.2

CVE-2018-6913 9.8 - Critical - April 17, 2018

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

Memory Corruption

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1

CVE-2017-12837 7.5 - High - September 19, 2017

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

Buffer Overflow

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1

CVE-2017-12883 9.1 - Critical - September 19, 2017

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

Buffer Overflow

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22

CVE-2015-8608 9.8 - Critical - February 07, 2017

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

Out-of-bounds Read

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might

CVE-2016-6185 7.8 - High - August 02, 2016

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process

CVE-2016-2381 7.5 - High - April 08, 2016

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Improper Input Validation
