54 matches found
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
...
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack
...
UBUNTU-CVE-2026-13221
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perlstudychunk. When such branches are combined into a trie, the delta between the first branch and the shared tail is stored ...
Linux Distros Unpatched Vulnerability : CVE-2026-57432
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl versions through 5.43.10 have an integer overflow in Smeasurestruct leading to an out-of-bounds heap read in pack and unpack. Smeasurestruct adds each item...
Linux Distros Unpatched Vulnerability : CVE-2026-13221
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into...
EUVD-2026-42124
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...
MGASA-2026-0220 Updated perl packages fix security vulnerabilities
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. CVE-2026-8376...
Linux Distros Unpatched Vulnerability : CVE-2026-10725
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small...
CVE-2026-49942 Net::CIDR::Set versions through 0.20 for Perl did not validate network masks
Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...
CVE-2026-49942 Net::CIDR::Set versions through 0.20 for Perl did not validate network masks
Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One U+0661, or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also...
Linux Distros Unpatched Vulnerability : CVE-2026-42496
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. makespecialfile passes the tar...
CVE-2026-8463 Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2_verify on empty encoded input
Crypt::Argon2 versions from 0.017 before 0.031 for Perl perform a heap out-of-bounds read in argon2verify on empty encoded input. The auto-detect form of argon2verify passes encodedlen - 1 as the length argument to memchr without checking that encodedlen is non-zero. When the encoded string is...
EUVD-2026-25833
Text::Minify::XS versions from v0.3.0 before v0.7.8 for Perl have a heap overflow when processing some malformed UTF-8 characters. The minify functions mishandled some malformed UTF-8 characters, leading to heap corruption. Note that the minifyutf8 function is an alias for minnify...
Security update for perl
This update for perl fixes the following issue: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow bsc1262486. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch". Alternatively you can run...
SUSE CVE-2026-4176
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...
Linux Distros Unpatched Vulnerability : CVE-2026-4176
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib...
CVE-2026-4176
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...
CVE-2026-4176 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...
CVE-2026-4176
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...
CVE-2026-4176
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of...