VYPR

rpm package

almalinux/perl-Class-Struct

pkg:rpm/almalinux/perl-Class-Struct

Vulnerabilities (5)

  • CVE-2026-48962HigMay 27, 2026
    affected < 0.66-474.module_el8.10.0+4162+0aac7c4cfixed 0.66-474.module_el8.10.0+4162+0aac7c4c

    IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. _parseOutputGlob() wraps the caller-supplied output glob string in double quotes and stores it in the parser state; _getFiles() then runs the stored

  • CVE-2026-42496CriMay 26, 2026
    affected < 0.66-474.module_el8.10.0+4162+0aac7c4cfixed 0.66-474.module_el8.10.0+4162+0aac7c4c

    Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode

  • CVE-2025-40909MedMay 30, 2025
    affected < 0.66-474.module_el8.10.0+4162+0aac7c4cfixed 0.66-474.module_el8.10.0+4162+0aac7c4c

    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is

  • CVE-2024-56406Apr 13, 2025
    affected < 0.68-512.1.el10_0fixed 0.68-512.1.el10_0

    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can

  • CVE-2023-47038Dec 18, 2023
    affected < 0.66-481.el9fixed 0.66-481.el9

    A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.