In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
Max CVSS
9.8
Published
2023-12-02
Updated
2023-12-14
EPSS
0.06%
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
Max CVSS
7.8
Published
2024-01-02
Updated
2024-02-08
EPSS
0.04%
A vulnerability was found in perl. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Max CVSS
7.8
Published
2023-12-18
Updated
2024-02-05
EPSS
0.04%
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Max CVSS
8.1
Published
2023-04-29
Updated
2023-06-21
EPSS
0.24%
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Max CVSS
8.1
Published
2023-04-29
Updated
2023-08-02
EPSS
0.21%
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.
Max CVSS
9.8
Published
2023-08-22
Updated
2023-09-15
EPSS
0.29%
CPAN 2.28 allows Signature Verification Bypass.
Max CVSS
7.8
Published
2021-12-13
Updated
2022-04-01
EPSS
0.13%
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data.
Max CVSS
7.1
Published
2020-09-16
Updated
2022-12-06
EPSS
0.04%
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability.
Max CVSS
5.5
Published
2020-09-16
Updated
2021-10-19
EPSS
0.04%
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Max CVSS
7.5
Published
2020-06-05
Updated
2022-05-12
EPSS
0.32%
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Max CVSS
8.6
Published
2020-06-05
Updated
2022-05-12
EPSS
0.27%
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Max CVSS
8.2
Published
2020-06-05
Updated
2022-05-12
EPSS
0.30%
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
Max CVSS
4.7
Published
2020-09-17
Updated
2022-04-28
EPSS
0.05%
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS
9.8
Published
2018-12-07
Updated
2020-07-15
EPSS
2.02%
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Max CVSS
9.1
Published
2018-12-07
Updated
2020-07-15
EPSS
0.67%
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS
9.8
Published
2018-12-05
Updated
2020-07-15
EPSS
2.83%
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Max CVSS
9.8
Published
2018-12-07
Updated
2020-08-24
EPSS
0.53%
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Max CVSS
7.5
Published
2018-06-07
Updated
2020-08-24
EPSS
57.00%
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Max CVSS
9.8
Published
2018-04-17
Updated
2020-08-24
EPSS
1.86%
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Max CVSS
7.5
Published
2018-04-17
Updated
2020-07-15
EPSS
0.53%
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Max CVSS
9.8
Published
2018-04-17
Updated
2020-08-24
EPSS
0.85%
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Max CVSS
9.1
Published
2017-09-19
Updated
2020-07-15
EPSS
2.03%
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Max CVSS
7.5
Published
2017-09-19
Updated
2020-07-15
EPSS
1.86%
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Max CVSS
9.8
Published
2017-09-28
Updated
2020-07-15
EPSS
1.49%
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Max CVSS
7.8
Published
2016-08-02
Updated
2021-09-17
EPSS
0.04%
58 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!