VYPR

rpm package

opensuse/perl&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/perl&distro=openSUSE%20Tumbleweed

Vulnerabilities (18)

  • CVE-2025-40909 | Med | May 30, 2025
    affected < 5.40.2-3.1, fixed 5.40.2-3.1

    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is

  • CVE-2024-56406 | Apr 13, 2025
    affected < 5.40.2-1.1, fixed 5.40.2-1.1

    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can

  • CVE-2023-47039 | Jan 2, 2024
    affected < 5.38.2-1.1, fixed 5.38.2-1.1

    A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within

  • CVE-2023-47038 | Dec 18, 2023
    affected < 5.38.2-1.1, fixed 5.38.2-1.1

    A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

  • CVE-2020-12723 | Jun 5, 2020
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

  • CVE-2020-10878 | Jun 5, 2020
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

  • CVE-2020-10543 | Jun 5, 2020
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

  • CVE-2018-18311 | Dec 7, 2018
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

  • CVE-2018-18312 | Dec 5, 2018
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

  • CVE-2017-12814 | Cri | Sep 28, 2017
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

  • CVE-2017-12883 | Cri | Sep 19, 2017
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+

  • CVE-2017-12837 | Hig | Sep 19, 2017
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

  • CVE-2010-4777 | Feb 10, 2014
    affected < 5.24.0-3.5, fixed 5.24.0-3.5

    The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handl

  • CVE-2010-4411 | Dec 6, 2010
    affected < 5.24.0-3.5, fixed 5.24.0-3.5

    Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unknown vectors. NOTE: this issue exists because of an incomplete fix for CVE-2010-2761.

  • CVE-2010-4410 | Dec 6, 2010
    affected < 5.24.0-3.5, fixed 5.24.0-3.5

    CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters p

  • CVE-2010-2761 | Dec 6, 2010
    affected < 5.24.0-3.5, fixed 5.24.0-3.5

    The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon

  • CVE-2007-5116 | Nov 7, 2007
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

  • CVE-2005-3962 | Dec 1, 2005
    affected < 5.34.0-1.1, fixed 5.34.0-1.1

    Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffe