
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

part: a
version: *
update: *

Vendor: Perl (1e08d0ea-f6e4-5b5b-a347-b9704b70f1d2)
Product: Perl (d036ec11-adad-5b60-822b-4cf91054fb72)
Edition: *
Language: *
Software edition: *
Target software: *
Target hardware: *
Other: *
Notes: Imported from purl2cpe mapping

PURL mappings

PURL                       Source     Last updated
pkg:deb/debian/perl        purl2cpe   2026-06-01 10:17:04.922455
pkg:deb/ubuntu/perl        purl2cpe   2026-06-01 10:17:04.922457
pkg:github/perl/perl5      purl2cpe   2026-06-01 10:17:04.922459
pkg:perl/perl5             purl2cpe   2026-06-01 10:17:04.922460
pkg:rpm/fedora/perl        purl2cpe   2026-06-01 10:17:04.922462
pkg:rpm/opensuse/perl      purl2cpe   2026-06-01 10:17:04.922463

Vulnerability references

Identifier   CPE applicability   Submitted   db.gcve.eu details   Rationale
CVE:CVE-2026-4176 vulnerable 2026-06-03 15:26:24.574752 Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.
Published: 2026-03-29T20:50:51.058Z
Updated: 2026-03-30T15:35:08.162Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2025-40909 vulnerable 2026-06-03 15:01:14.125793 Perl threads have a working directory race condition where file operations may target unintended paths
Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6
Published: 2025-05-30T12:20:11.237Z
Updated: 2026-04-18T14:15:40.356Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2024-56406 vulnerable 2026-06-03 14:57:42.994604 Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
Published: 2025-04-13T13:16:09.841Z
Updated: 2025-10-16T14:04:20.393Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-47100 vulnerable 2026-06-03 14:53:16.845129 Details available
Published: 2023-12-02T00:00:00.000Z
Updated: 2025-10-07T17:35:46.790Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-47039 vulnerable 2026-06-03 14:53:16.789595 Perl: perl for windows binary hijacking vulnerability
HIGH (7.8)
A vulnerability was found in Perl. This security issue occurs because Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
Published: 2024-01-02T05:30:53.168Z
Updated: 2025-11-20T17:57:11.573Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-47038 vulnerable 2026-06-03 14:53:16.785354 Perl: write past buffer end via illegal user-defined unicode property
HIGH (7)
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
Published: 2023-12-18T13:43:07.713Z
Updated: 2026-01-22T00:06:16.471Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-31486 vulnerable 2026-06-03 14:51:55.915557 Details available
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
Published: 2023-04-28T00:00:00.000Z
Updated: 2025-01-30T19:26:26.203Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2023-31484 vulnerable 2026-06-03 14:51:55.910061 Details available
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
Published: 2023-04-28T00:00:00.000Z
Updated: 2025-11-03T21:48:25.528Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2021-36770 not_vulnerable 2026-06-03 14:44:59.143706 Details available
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
Published: 2021-08-11T22:49:04.000Z
Updated: 2025-11-03T21:45:03.119Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-12723 vulnerable 2026-06-03 14:41:35.273548 Details available
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Published: 2020-06-05T14:20:50.000Z
Updated: 2024-08-04T12:04:22.480Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-10878 vulnerable 2026-06-03 14:41:00.664914 Details available
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Published: 2020-06-05T13:27:22.000Z
Updated: 2024-08-04T11:14:15.674Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-6913 vulnerable 2026-06-03 14:39:00.926407 Details available
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
Published: 2018-04-17T20:00:00.000Z
Updated: 2024-08-05T06:17:17.123Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-6798 vulnerable 2026-06-03 14:39:00.724636 Details available
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Published: 2018-04-17T20:00:00.000Z
Updated: 2024-08-05T06:10:11.392Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-6797 vulnerable 2026-06-03 14:39:00.721513 Details available
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
Published: 2018-04-17T20:00:00.000Z
Updated: 2024-08-05T06:10:11.385Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-18314 vulnerable 2026-06-03 14:38:22.708292 Details available
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Published: 2018-12-07T21:00:00.000Z
Updated: 2024-08-05T11:08:21.410Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-18313 vulnerable 2026-06-03 14:38:22.707436 Details available
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Published: 2018-12-07T21:00:00.000Z
Updated: 2024-08-05T11:08:21.173Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-18312 vulnerable 2026-06-03 14:38:22.703723 Details available
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Published: 2018-12-05T22:00:00.000Z
Updated: 2024-08-05T11:08:21.746Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-18311 vulnerable 2026-06-03 14:38:22.696008 Details available
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Published: 2018-12-07T21:00:00.000Z
Updated: 2024-08-05T11:08:21.612Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2018-12015 vulnerable 2026-06-03 14:38:02.629216 Details available
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Published: 2018-06-07T13:00:00.000Z
Updated: 2024-08-05T08:24:03.584Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-12883 vulnerable 2026-06-03 14:36:37.210578 Details available
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Published: 2017-09-19T18:00:00.000Z
Updated: 2024-08-05T18:51:06.922Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-12837 vulnerable 2026-06-03 14:36:37.153415 Details available
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Published: 2017-09-19T18:00:00.000Z
Updated: 2024-08-05T18:51:06.539Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2017-12814 vulnerable 2026-06-03 14:36:37.126474 Details available
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Published: 2017-09-27T17:00:00.000Z
Updated: 2024-08-05T18:51:06.126Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-6185 vulnerable 2026-06-03 14:35:57.175830 Details available
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Published: 2016-08-02T14:00:00.000Z
Updated: 2024-08-06T01:22:20.675Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-2381 vulnerable 2026-06-03 14:35:42.677614 Details available
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Published: 2016-04-08T15:00:00.000Z
Updated: 2024-08-05T23:24:49.270Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2016-1246 not_vulnerable 2026-06-03 14:35:31.190788 Details available
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
Published: 2016-10-05T16:00:00.000Z
Updated: 2024-08-05T22:48:13.670Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2015-8853 vulnerable 2026-06-03 14:35:13.562652 Details available
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
Published: 2016-05-25T15:00:00.000Z
Updated: 2024-08-06T08:29:22.074Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2014-4330 vulnerable 2026-06-03 14:34:03.148859 Details available
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
Published: 2014-09-30T16:00:00.000Z
Updated: 2024-08-06T11:12:34.783Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-6329 vulnerable 2026-06-03 14:32:33.544070 Details available
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Published: 2013-01-04T21:00:00.000Z
Updated: 2024-08-06T21:28:39.568Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2012-1151 vulnerable 2026-06-03 14:31:41.684576 Details available
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
Published: 2012-09-09T21:00:00.000Z
Updated: 2024-08-06T18:45:27.524Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-3599 not_vulnerable 2026-06-03 14:31:20.665909 Details available
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
Published: 2011-10-10T10:00:00.000Z
Updated: 2024-08-06T23:37:48.587Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2939 vulnerable 2026-06-03 14:31:11.377447 Details available
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
Published: 2012-01-13T18:00:00.000Z
Updated: 2024-08-06T23:15:31.951Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2728 vulnerable 2026-06-03 14:31:10.491864 Details available
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
Published: 2012-12-21T02:00:00.000Z
Updated: 2024-08-06T23:08:23.771Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2011-2201 not_vulnerable 2026-06-03 14:31:06.296630 Details available
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
Published: 2011-09-14T15:00:00.000Z
Updated: 2024-08-06T22:53:17.470Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2010-1168 not_vulnerable 2026-06-03 14:30:12.958893 Details available
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
Published: 2010-06-21T16:00:00.000Z
Updated: 2024-08-07T01:14:06.670Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-1884 not_vulnerable 2026-06-03 14:29:38.109216 Details available
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
Published: 2009-08-19T17:00:00.000Z
Updated: 2024-08-07T05:27:54.590Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2009-0663 not_vulnerable 2026-06-03 14:29:25.461930 Details available
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
Published: 2009-04-30T20:00:00.000Z
Updated: 2024-08-07T04:40:05.324Z
Imported from gcve-enriched-dumps CVE data
CVE:CVE-1999-1386 vulnerable 2026-06-03 14:25:42.247786 Details available
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
Published: 2002-03-09T05:00:00.000Z
Updated: 2024-08-01T17:11:02.970Z
Imported from gcve-enriched-dumps CVE data
