GCVE - cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*

part: a version: 5.10.0 update: rc1

Vendor	Perl (`1e08d0ea-f6e4-5b5b-a347-b9704b70f1d2`)
Product	Perl (`d036ec11-adad-5b60-822b-4cf91054fb72`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/perl`	purl2cpe	2026-06-01 10:17:04.924145
`pkg:deb/ubuntu/perl`	purl2cpe	2026-06-01 10:17:04.924146
`pkg:github/perl/perl5`	purl2cpe	2026-06-01 10:17:04.924147
`pkg:perl/perl5`	purl2cpe	2026-06-01 10:17:04.924149
`pkg:rpm/fedora/perl`	purl2cpe	2026-06-01 10:17:04.924150
`pkg:rpm/opensuse/perl`	purl2cpe	2026-06-01 10:17:04.924155

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-1667`	vulnerable	2026-06-03 14:32:50.747703	Details available The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. Published: 2013-03-12T16:00:00.000Z Updated: 2024-08-06T15:13:31.612Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html http://secunia.com/advisories/52472 http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-6329`	vulnerable	2026-06-03 14:32:33.546511	Details available The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. Published: 2013-01-04T21:00:00.000Z Updated: 2024-08-06T21:28:39.568Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 http://sourceforge.net/mailarchive/message.php?msg_id=30219695 http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2939`	vulnerable	2026-06-03 14:31:11.377721	Details available Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. Published: 2012-01-13T18:00:00.000Z Updated: 2024-08-06T23:15:31.951Z Open on db.gcve.eu Reference links http://secunia.com/advisories/46989 http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod http://secunia.com/advisories/55314 http://www.ubuntu.com/usn/USN-1643-1 http://www.securityfocus.com/bid/49858	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-2728`	vulnerable	2026-06-03 14:31:10.542218	Details available The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. Published: 2012-12-21T02:00:00.000Z Updated: 2024-08-06T23:08:23.771Z Open on db.gcve.eu Reference links http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77 https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1 http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html http://www.securityfocus.com/bid/49858	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-1487`	vulnerable	2026-06-03 14:31:01.738941	Details available The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string. Published: 2011-04-11T18:00:00.000Z Updated: 2024-08-06T22:28:41.416Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=692844 http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html http://secunia.com/advisories/44168 http://secunia.com/advisories/43921	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2011-0761`	vulnerable	2026-06-03 14:30:51.512535	Details available Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. Published: 2011-05-13T17:00:00.000Z Updated: 2024-08-06T22:05:53.460Z Open on db.gcve.eu Reference links http://www.toucan-system.com/advisories/tssa-2011-03.txt http://securityreason.com/securityalert/8248 http://securitytracker.com/id?1025507 https://exchange.xforce.ibmcloud.com/vulnerabilities/67355 http://www.securityfocus.com/bid/47766	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.