Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Perl
(Perl)| Repositories | https://github.com/Perl/perl5 |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-12-07 | CVE-2018-18311 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Mac_os_x, Ubuntu_linux, Debian_linux, Fedora, Web_gateway, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdriver, Perl, Enterprise_linux, Enterprise_linux_desktop, Enterprise_linux_eus, Enterprise_linux_server, Enterprise_linux_server_aus, Enterprise_linux_server_tus, Enterprise_linux_workstation, Openshift_container_platform | 9.8 | ||
| 2018-12-07 | CVE-2018-18313 | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. | Mac_os_x, Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.1 | ||
| 2018-12-07 | CVE-2018-18314 | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. | Ubuntu_linux, Debian_linux, E\-Series_santricity_os_controller, Snap_creator_framework, Snapcenter, Snapdrive, Perl, Enterprise_linux | 9.8 | ||
| 2020-06-05 | CVE-2020-10543 | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. | Fedora, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Communications_pricing_design_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl | 8.2 | ||
| 2020-06-05 | CVE-2020-10878 | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. | Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Communications_pricing_design_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_aware, Tekelec_platform_distribution, Perl | 8.6 | ||
| 2020-06-05 | CVE-2020-12723 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. | Fedora, Oncommand_workflow_automation, Snap_creator_framework, Leap, Communications_billing_and_revenue_management, Communications_diameter_signaling_router, Communications_eagle_application_processor, Communications_eagle_lnp_application_processor, Communications_lsms, Communications_offline_mediation_controller, Communications_performance_intelligence_center, Configuration_manager, Enterprise_manager_base_platform, Sd\-Wan_edge, Tekelec_platform_distribution, Perl | 7.5 | ||
| 2023-04-29 | CVE-2023-31484 | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | Cpanpm, Perl | 8.1 | ||
| 2023-08-22 | CVE-2022-48522 | In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. | Perl | 9.8 | ||
| 2023-04-29 | CVE-2023-31486 | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. | Http\:\:tiny, Perl | 8.1 | ||
| 2012-01-13 | CVE-2011-2939 | Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. | Encode_module, Perl | N/A |