Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Perl
(Perl)| Repositories | https://github.com/Perl/perl5 |
| #Vulnerabilities | 42 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-04-17 | CVE-2018-6798 | An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure. | Ubuntu_linux, Debian_linux, Perl, Enterprise_linux_server, Enterprise_linux_workstation | 7.5 | ||
| 2018-04-17 | CVE-2018-6797 | An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written. | Ubuntu_linux, Debian_linux, Perl, Enterprise_linux_server, Enterprise_linux_workstation | 9.8 | ||
| 2017-09-19 | CVE-2017-12883 | Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape. | Perl | 9.1 | ||
| 2017-09-19 | CVE-2017-12837 | Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier. | Perl | 7.5 | ||
| 2017-09-28 | CVE-2017-12814 | Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable. | Perl | 9.8 | ||
| 2017-02-07 | CVE-2015-8608 | The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument. | Perl | 9.8 | ||
| 2016-05-25 | CVE-2015-8853 | The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80." | Fedora, Perl | 7.5 | ||
| 2014-09-30 | CVE-2014-4330 | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function. | Data_dumper, Perl | N/A | ||
| 2015-08-16 | CVE-2013-7422 | Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. | Mac_os_x, Perl | N/A | ||
| 2013-03-14 | CVE-2013-1667 | The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. | Perl | N/A |