7.5
CVE-2026-8829
- EPSS 0.3%
- Veröffentlicht 04.06.2026 02:03:46
- Zuletzt bearbeitet 08.06.2026 16:29:43
- Quelle 9b29abf9-4ab0-4765-b253-1875cd
- CVE-Watchlists
- Unerledigt
LoginHTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Oalders ≫ Html::entities SwPlatformperl Version < 3.84
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.217 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-416 Use After Free
The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.
https://github.com/libwww-perl/HTML-Parser/pull/56
https://github.com/libwww-perl/HTML-Parser/commit/6922552b0778c90a9587a3894e248be4d3a25e1c.patch
http://www.openwall.com/lists/oss-security/2026/06/04/2