Perl: Security Vulnerabilities, CVEs, CVSS score >= 8
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Max CVSS: 9.8 | EPSS Score: 0.06% | Published: 2023-12-02 | Updated: 2023-12-14
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Max CVSS: 8.1 | EPSS Score: 0.24% | Published: 2023-04-29 | Updated: 2023-06-21
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Max CVSS: 8.1 | EPSS Score: 0.24% | Published: 2023-04-29 | Updated: 2023-08-02
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Max CVSS: 9.8 | EPSS Score: 0.29% | Published: 2023-08-22 | Updated: 2023-09-15
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Max CVSS: 8.6 | EPSS Score: 0.29% | Published: 2020-06-05 | Updated: 2022-05-12
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Max CVSS: 8.2 | EPSS Score: 0.32% | Published: 2020-06-05 | Updated: 2022-05-12
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8 | EPSS Score: 2.02% | Published: 2018-12-07 | Updated: 2020-07-15
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Max CVSS: 9.1 | EPSS Score: 0.67% | Published: 2018-12-07 | Updated: 2020-07-15
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8 | EPSS Score: 2.83% | Published: 2018-12-05 | Updated: 2020-07-15
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8 | EPSS Score: 0.53% | Published: 2018-12-07 | Updated: 2020-08-24
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Max CVSS: 9.8 | EPSS Score: 1.70% | Published: 2018-04-17 | Updated: 2020-08-24
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Max CVSS: 9.8 | EPSS Score: 0.85% | Published: 2018-04-17 | Updated: 2020-08-24
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Max CVSS: 9.1 | EPSS Score: 2.03% | Published: 2017-09-19 | Updated: 2020-07-15
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Max CVSS: 9.8 | EPSS Score: 1.49% | Published: 2017-09-28 | Updated: 2020-07-15
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Max CVSS: 9.8 | EPSS Score: 5.47% | Published: 2017-02-07 | Updated: 2020-07-15
15 vulnerabilities found