High severity7.5NVD Advisory· Published Jun 4, 2026· Updated Jun 8, 2026
CVE-2026-8829
CVE-2026-8829
Description
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.
The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation.
The read may disclose adjacent heap contents into the destination SV.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7(expand)+ 1 more
- (no CPE)
- (no CPE)range: <3.84
- Range: <3.84
- osv-coords3 versionspkg:rpm/opensuse/perl-HTML-Parser&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-HTML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/perl-HTML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0
< 3.850.0-1.1+ 2 more
- (no CPE)range: < 3.850.0-1.1
- (no CPE)range: < 3.830.0-160000.3.1
- (no CPE)range: < 3.830.0-160000.3.1
Patches
Vulnerability mechanics
References
3- github.com/libwww-perl/HTML-Parser/commit/6922552b0778c90a9587a3894e248be4d3a25e1c.patchnvdPatch
- github.com/libwww-perl/HTML-Parser/pull/56nvdIssue TrackingPatch
- www.openwall.com/lists/oss-security/2026/06/04/2nvdMailing ListThird Party Advisory
News mentions
0No linked articles in our index yet.