Unrated severity · NVD Advisory · Published Apr 13, 2025 · Updated Oct 16, 2025
Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
CVE-2024-56406
Description
A heap buffer overflow vulnerability was discovered in Perl.
Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.
When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap can overflow the destination pointer d.
$ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
Segmentation fault (core dumped)
It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
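A version triage for the ranges above, as an added example that is not part of the advisory: it classifies an upstream Perl version string as affected, fixed or outside the stated range without running the crashing one-liner. It assumes that 5.38.4 and 5.40.2, the releases whose change logs are listed in the references, are the first fixed releases on their branches; the function names and the sample inventory are constructed.

```sh
#!/bin/sh
# Added example: triage upstream Perl versions against CVE-2024-56406.
# Assumption: 5.38.4 and 5.40.2 are the first fixed releases on their branches.

# Pack "5.38.2" or "v5.38.2" into one integer (5038002); fail on anything else.
ver_to_int() {
    v=${1#v}
    case $v in *.*) ;; *) return 1 ;; esac
    maj=${v%%.*}; rest=${v#*.}
    min=${rest%%.*}; pat=${rest#*.}
    if [ "$pat" = "$rest" ]; then pat=0; fi   # "5.38" has no patch level
    for part in "$maj" "$min" "$pat"; do
        case $part in ''|*[!0-9]*) return 1 ;; esac
    done
    echo $(( $maj * 1000000 + $min * 1000 + $pat ))
}

# Print one of: affected, fixed, outside-range, unknown.
perl_cve_2024_56406_status() {
    n=$(ver_to_int "$1") || { echo unknown; return 0; }
    branch=$(( (n / 1000) % 1000 ))
    if [ "$n" -lt 5033001 ] || [ "$n" -gt 5041010 ]; then
        echo outside-range            # advisory range is 5.33.1 .. 5.41.10
    elif [ "$branch" -eq 38 ] && [ "$n" -ge 5038004 ]; then
        echo fixed
    elif [ "$branch" -eq 40 ] && [ "$n" -ge 5040002 ]; then
        echo fixed
    else
        echo affected
    fi
}

# Constructed sample inventory (host, upstream perl version); not real data.
while read -r host ver; do
    printf '%-8s %-8s %s\n' "$host" "$ver" "$(perl_cve_2024_56406_status "$ver")"
done <<'EOF'
web01 5.30.3
build02 5.36.0
app03 5.38.2
app04 5.38.4
ci05 v5.40.1
ci06 5.40.2
EOF
```

Distribution packages often carry the patch without changing the upstream version string, so a result of "affected" on a packaged Perl should be confirmed against the vendor's fixed package release.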
Affected products
- (no CPE) range: >=5.33.1 <=5.41.10 (affected branches 5.34, 5.36, 5.38, 5.40)
- (no CPE) range: 5.41.0
References
- github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch (mitre, patch)
- metacpan.org/release/SHAY/perl-5.38.4/changes (mitre, release-notes)
- metacpan.org/release/SHAY/perl-5.40.2/changes (mitre, release-notes)