In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
CVSS: 9.8, AI Score: 9.4, EPSS: 0.005
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
CVSS: 8.1, AI Score: 7.9, EPSS: 0.005
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
CVSS: 8.1, AI Score: 7.9, EPSS: 0.003
A vulnerability was found in Perl 5.30.0 through 5.38.0. The issue occurs when Perl compiles a crafted regular expression, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
CVSS: 7.8, AI Score: 7.5, EPSS: 0.0004
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
CVSS: 9.8, AI Score: 9.1, EPSS: 0.001