In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Max CVSS: 9.8; EPSS Score: 0.06%; Published: 2023-12-02; Updated: 2023-12-14
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Max CVSS: 8.1; EPSS Score: 0.24%; Published: 2023-04-29; Updated: 2023-06-21
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Max CVSS: 8.1; EPSS Score: 0.24%; Published: 2023-04-29; Updated: 2023-08-02
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Max CVSS: 9.8; EPSS Score: 0.29%; Published: 2023-08-22; Updated: 2023-09-15
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Max CVSS: 8.6; EPSS Score: 0.27%; Published: 2020-06-05; Updated: 2022-05-12
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Max CVSS: 8.2; EPSS Score: 0.30%; Published: 2020-06-05; Updated: 2022-05-12
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8; EPSS Score: 2.02%; Published: 2018-12-07; Updated: 2020-07-15
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Max CVSS: 9.1; EPSS Score: 0.67%; Published: 2018-12-07; Updated: 2020-07-15
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8; EPSS Score: 2.83%; Published: 2018-12-05; Updated: 2020-07-15
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8; EPSS Score: 0.53%; Published: 2018-12-07; Updated: 2020-08-24
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Max CVSS: 9.8; EPSS Score: 1.70%; Published: 2018-04-17; Updated: 2020-08-24
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Max CVSS: 9.8; EPSS Score: 0.85%; Published: 2018-04-17; Updated: 2020-08-24
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Max CVSS: 9.1; EPSS Score: 2.03%; Published: 2017-09-19; Updated: 2020-07-15
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Max CVSS: 9.8; EPSS Score: 1.49%; Published: 2017-09-28; Updated: 2020-07-15
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Max CVSS: 9.8; EPSS Score: 5.47%; Published: 2017-02-07; Updated: 2020-07-15
15 vulnerabilities found