Perl@* Security Vulnerabilities and Issues — Perl@* CVE List

Lucene search

PerlPerl*

12 matches found

CVE•added 2018/12/07 9:29 p.m.•506 views

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS9.6AI score0.12041EPSS

CVE•added 2020/06/05 3:15 p.m.•446 views

CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

7.5CVSS8.1AI score0.00201EPSS

CVE•added 2020/06/05 2:15 p.m.•362 views

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

8.6CVSS8.8AI score0.00148EPSS

CVE•added 2020/06/05 2:15 p.m.•341 views

CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

8.2CVSS8.7AI score0.03944EPSS

CVE•added 2018/04/17 8:29 p.m.•255 views

CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

9.8CVSS8AI score0.05812EPSS

CVE•added 2018/12/07 9:29 p.m.•243 views

CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.1CVSS8.9AI score0.02701EPSS

CVE•added 2018/12/05 10:29 p.m.•207 views

CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS9.4AI score0.08537EPSS

CVE•added 2018/12/07 9:29 p.m.•202 views

CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8CVSS9.4AI score0.04683EPSS

CVE•added 2023/04/29 12:15 a.m.•202 views

CVE-2023-31484

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.

8.1CVSS7.9AI score0.00911EPSS

CVE•added 2023/04/29 12:15 a.m.•140 views

CVE-2023-31486

HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.

8.1CVSS7.9AI score0.00448EPSS

CVE•added 2016/04/08 3:59 p.m.•131 views

CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

7.5CVSS7.3AI score0.19945EPSS

CVE•added 2024/01/02 6:15 a.m.•101 views

CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. ...

7.8CVSS7.9AI score0.00065EPSS