Perl

Perl

48 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 4.01%
  • Veröffentlicht 17.04.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:13

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

  • EPSS 6.6%
  • Veröffentlicht 17.04.2018 20:29:00
  • Zuletzt bearbeitet 21.11.2024 04:11:13

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

Exploit
  • EPSS 6.98%
  • Veröffentlicht 28.09.2017 01:29:01
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

  • EPSS 5.91%
  • Veröffentlicht 19.09.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular exp...

  • EPSS 6.21%
  • Veröffentlicht 19.09.2017 18:29:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and th...

Exploit
  • EPSS 4.62%
  • Veröffentlicht 07.02.2017 15:59:00
  • Zuletzt bearbeitet 13.05.2026 00:24:29

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

Exploit
  • EPSS 0.79%
  • Veröffentlicht 02.08.2016 14:59:02
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

  • EPSS 0.78%
  • Veröffentlicht 02.08.2016 14:59:00
  • Zuletzt bearbeitet 06.05.2026 22:30:45

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpa...

  • EPSS 2.55%
  • Veröffentlicht 25.05.2016 15:59:01
  • Zuletzt bearbeitet 06.05.2026 22:30:45

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

  • EPSS 9.01%
  • Veröffentlicht 08.04.2016 15:59:05
  • Zuletzt bearbeitet 06.05.2026 22:30:45

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.