VYPR

Perl

by Perl Foundation

CVEs (52)

  • CVE-2008-2827 | Jun 23, 2008
    risk 0.03 | cvss | epss 0.01

    The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.

  • CVE-2005-0155 | May 2, 2005
    risk 0.03 | cvss | epss 0.01

    The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

  • CVE-2005-0156 | Feb 7, 2005
    risk 0.03 | cvss | epss 0.01

    Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

  • CVE-2022-48522 | Aug 22, 2023
    risk 0.01 | cvss | epss 0.02

    In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation.

  • CVE-2020-10543 | Jun 5, 2020
    risk 0.01 | cvss | epss 0.11

    Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

  • CVE-2018-18311 | Dec 7, 2018
    risk 0.01 | cvss | epss 0.12

    Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

  • CVE-2018-18313 | Dec 7, 2018
    risk 0.01 | cvss | epss 0.09

    Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

  • CVE-2018-18312 | Dec 5, 2018
    risk 0.01 | cvss | epss 0.12

    Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

  • CVE-2012-6329 | Jan 4, 2013
    risk 0.01 | cvss | epss 0.62

    The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands…

  • CVE-2004-0377 | May 4, 2004
    risk 0.01 | cvss | epss 0.07

    Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

  • CVE-2024-56406 | Apr 13, 2025
    risk 0.00 | cvss | epss 0.00

    A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can…

  • CVE-2023-47039 | Jan 2, 2024
    risk 0.00 | cvss | epss 0.00

    A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe`…

  • CVE-2023-47038 | Dec 18, 2023
    risk 0.00 | cvss | epss 0.01

    A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.

  • CVE-2020-12723 | Jun 5, 2020
    risk 0.00 | cvss | epss 0.06

    regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

  • CVE-2020-10878 | Jun 5, 2020
    risk 0.00 | cvss | epss 0.05

    Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

  • CVE-2018-18314 | Dec 7, 2018
    risk 0.00 | cvss | epss 0.06

    Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

  • CVE-2013-7422 | Aug 16, 2015
    risk 0.00 | cvss | epss 0.03

    Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid…

  • CVE-2014-4330 | Sep 30, 2014
    risk 0.00 | cvss | epss 0.01

    The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive…

  • CVE-2013-1667 | Mar 14, 2013
    risk 0.00 | cvss | epss 0.04

    The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

  • CVE-2011-2728 | Dec 21, 2012
    risk 0.00 | cvss | epss 0.01

    The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.