Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Max CVSS
9.1
EPSS Score
2.03%
Published
2017-09-19
Updated
2020-07-15
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Max CVSS
7.5
EPSS Score
1.86%
Published
2017-09-19
Updated
2020-07-15
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Max CVSS
9.8
EPSS Score
1.49%
Published
2017-09-28
Updated
2020-07-15
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Max CVSS
9.8
EPSS Score
5.47%
Published
2017-02-07
Updated
2020-07-15
4 vulnerabilities found