Perl : Security Vulnerabilities, CVEs, CVSS score >= 9
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Max CVSS: 9.8 | EPSS Score: 5.47% | Published: 2017-02-07 | Updated: 2020-07-15
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Max CVSS: 9.8 | EPSS Score: 1.49% | Published: 2017-09-28 | Updated: 2020-07-15
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Max CVSS: 9.1 | EPSS Score: 2.03% | Published: 2017-09-19 | Updated: 2020-07-15
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Max CVSS: 9.8 | EPSS Score: 0.85% | Published: 2018-04-17 | Updated: 2020-08-24
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Max CVSS: 9.8 | EPSS Score: 1.70% | Published: 2018-04-17 | Updated: 2020-08-24
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8 | EPSS Score: 0.53% | Published: 2018-12-07 | Updated: 2020-08-24
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8 | EPSS Score: 2.83% | Published: 2018-12-05 | Updated: 2020-07-15
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Max CVSS: 9.1 | EPSS Score: 0.67% | Published: 2018-12-07 | Updated: 2020-07-15
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS: 9.8 | EPSS Score: 2.02% | Published: 2018-12-07 | Updated: 2020-07-15
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Max CVSS: 9.8 | EPSS Score: 0.29% | Published: 2023-08-22 | Updated: 2023-09-15
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Max CVSS: 9.8 | EPSS Score: 0.06% | Published: 2023-12-02 | Updated: 2023-12-14
11 vulnerabilities found