Perl
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-2827 | | | 0.03 | — | 0.01 | | Jun 23, 2008 | The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452. |
| CVE-2005-0155 | | | 0.03 | — | 0.01 | | May 2, 2005 | The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable. |
| CVE-2005-0156 | | | 0.03 | — | 0.01 | | Feb 7, 2005 | Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. |
| CVE-2022-48522 | | | 0.01 | — | 0.02 | | Aug 22, 2023 | In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. |
| CVE-2020-10543 | | | 0.01 | — | 0.11 | | Jun 5, 2020 | Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. |
| CVE-2018-18311 | | | 0.01 | — | 0.12 | | Dec 7, 2018 | Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2018-18313 | | | 0.01 | — | 0.09 | | Dec 7, 2018 | Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. |
| CVE-2018-18312 | | | 0.01 | — | 0.12 | | Dec 5, 2018 | Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2012-6329 | | | 0.01 | — | 0.62 | | Jan 4, 2013 | The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands… |
| CVE-2004-0377 | | | 0.01 | — | 0.07 | | May 4, 2004 | Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character. |
| CVE-2024-56406 | | | 0.00 | — | 0.00 | | Apr 13, 2025 | A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can… |
| CVE-2023-47039 | | | 0.00 | — | 0.00 | | Jan 2, 2024 | A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe`… |
| CVE-2023-47038 | | | 0.00 | — | 0.01 | | Dec 18, 2023 | A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. |
| CVE-2020-12723 | | | 0.00 | — | 0.06 | | Jun 5, 2020 | regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. |
| CVE-2020-10878 | | | 0.00 | — | 0.05 | | Jun 5, 2020 | Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. |
| CVE-2018-18314 | | | 0.00 | — | 0.06 | | Dec 7, 2018 | Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. |
| CVE-2013-7422 | | | 0.00 | — | 0.03 | | Aug 16, 2015 | Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid… |
| CVE-2014-4330 | | | 0.00 | — | 0.01 | | Sep 30, 2014 | The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive… |
| CVE-2013-1667 | | | 0.00 | — | 0.04 | | Mar 14, 2013 | The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. |
| CVE-2011-2728 | | | 0.00 | — | 0.01 | | Dec 21, 2012 | The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. |