VYPR

Vendor CVEs

Perl Foundation

All CVEs

128 total · sorted by risk
  • CVE-2018-6913CriApr 17, 2018
    risk 0.65cvss 9.8epss 0.11

    Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

  • CVE-2024-55564CriDec 9, 2024
    risk 0.64cvss 9.8epss 0.00

    The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow.

  • CVE-2018-6797CriApr 17, 2018
    risk 0.64cvss 9.8epss 0.07

    An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

  • CVE-2008-7319CriNov 7, 2017
    risk 0.64cvss 9.8epss 0.06

    The Net::Ping::External extension through 0.15 for Perl does not properly sanitize arguments (e.g., invalid hostnames) containing shell metacharacters before use of backticks in External.pm, allowing for shell command injection and arbitrary command execution if untrusted input…

  • CVE-2017-12814CriSep 28, 2017
    risk 0.64cvss 9.8epss 0.07

    Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

  • CVE-2017-10788CriJul 1, 2017
    risk 0.64cvss 9.8epss 0.05

    The DBD::mysql module through 4.043 for Perl allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly have unspecified other impact by triggering (1) certain error responses from a MySQL server or (2) a loss of a network connection…

  • CVE-2017-10672CriJun 29, 2017
    risk 0.64cvss 9.8epss 0.08

    Use-after-free in the XML-LibXML module through 2.0129 for Perl allows remote attackers to execute arbitrary code by controlling the arguments to a replaceChild call.

  • CVE-2015-8608CriFeb 7, 2017
    risk 0.64cvss 9.8epss 0.05

    The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

  • CVE-2017-12883CriSep 19, 2017
    risk 0.60cvss 9.1epss 0.06

    Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid…

  • CVE-2026-50638CriJun 10, 2026
    risk 0.59cvss 9.1epss 0.00

    Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends…

  • CVE-2021-47155CriMar 18, 2024
    risk 0.59cvss 9.1epss 0.01

    The Net::IPV4Addr module 0.10 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.

  • CVE-2016-9180CriDec 22, 2016
    risk 0.59cvss 9.1epss 0.04

    perl-XML-Twig: The option to `expand_external_ents`, documented as controlling external entity expansion in XML::Twig does not work. External entities are always expanded, regardless of the option's setting.

  • CVE-2026-9698CriJun 9, 2026
    risk 0.57cvss 9.8epss 0.00

    DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an…

  • CVE-2026-10879CriJun 5, 2026
    risk 0.57cvss 9.8epss 0.00

    DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. …

  • CVE-2026-8376CriMay 26, 2026
    risk 0.57cvss 9.8epss 0.00

    Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified…

  • CVE-2026-4176CriMar 29, 2026
    risk 0.57cvss 9.8epss 0.01

    Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a…

  • CVE-2015-8949CriAug 19, 2016
    risk 0.57cvss 9.8epss 0.04

    Use-after-free vulnerability in the my_login function in DBD::mysql before 4.033_01 allows attackers to have unspecified impact by leveraging a call to mysql_errno after a failure of my_login.

  • CVE-2014-9906CriAug 19, 2016
    risk 0.57cvss 9.8epss 0.06

    Use-after-free vulnerability in DBD::mysql before 4.029 allows attackers to cause a denial of service (program crash) or possibly execute arbitrary code via vectors related to a lost server connection.

  • CVE-2026-12087CriJun 15, 2026
    risk 0.52cvss 9.1epss 0.00

    Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both…

  • CVE-2016-6185HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

  • CVE-2016-1238HigAug 2, 2016
    risk 0.51cvss 7.8epss 0.01

    (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10)…

  • CVE-2026-9638HigJun 12, 2026
    risk 0.49cvss 7.5epss 0.00

    Crypt::PBKDF2 versions before 0.261630 for Perl generate insecure random values for salts. These versions use the built-in rand function, which is predictable and unsuitable for cryptography.

  • CVE-2026-49941HigJun 4, 2026
    risk 0.49cvss 7.5epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a…

  • CVE-2018-12015HigJun 7, 2018
    risk 0.49cvss 7.5epss 0.08

    In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

  • CVE-2018-6798HigApr 17, 2018
    risk 0.49cvss 7.5epss 0.04

    An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

  • CVE-2017-12837HigSep 19, 2017
    risk 0.49cvss 7.5epss 0.06

    Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

  • CVE-2015-8978HigNov 22, 2016
    risk 0.49cvss 7.5epss 0.02

    In Soap Lite (aka the SOAP::Lite extension for Perl) 1.14 and earlier, an example attack consists of defining 10 or more XML entities, each defined as consisting of 10 of the previous entity, with the document consisting of a single instance of the largest entity, which expands…

  • CVE-2015-8853HigMay 25, 2016
    risk 0.49cvss 7.5epss 0.03

    The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

  • CVE-2016-2381HigApr 8, 2016
    risk 0.49cvss 7.5epss 0.09

    Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

  • CVE-2015-8607HigJan 13, 2016
    risk 0.48cvss 7.3epss 0.03

    The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

  • CVE-2026-9658HigMay 28, 2026
    risk 0.47cvss 7.3epss 0.00

    Plack::Middleware::Security::Common versions before 0.13.1 for Perl did not block header injections in request paths. The header injection rule was ineffective at blocking header injections in the request paths unless they were double-encoded, for example, GET…

  • CVE-2016-9181HigDec 22, 2016
    risk 0.46cvss 7.1epss 0.01

    perl-Image-Info: When parsing an SVG file, external entity expansion (XXE) was not disabled. An attacker could craft an SVG file which, when processed by an application using perl-Image-Info, could cause denial of service or, potentially, information disclosure.

  • CVE-2026-10725HigJun 6, 2026
    risk 0.42cvss 7.5epss 0.00

    Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb"). The headers_decode method materialises a full…

  • CVE-2026-8829HigJun 4, 2026
    risk 0.42cvss 7.5epss 0.00

    HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a…

  • CVE-2026-8722MedJun 4, 2026
    risk 0.42cvss 6.5epss 0.00

    Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics.

  • CVE-2026-48959HigMay 27, 2026
    risk 0.42cvss 7.5epss 0.00

    IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. fastForward() compares length $offset (the digit count of the offset, 1 to 19) against the chunk size $c instead of $offset itself, so $c shrinks from 16 KiB to 1-19…

  • CVE-2016-1246HigOct 5, 2016
    risk 0.42cvss 7.5epss 0.04

    Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

  • CVE-2026-49942HigJun 4, 2026
    risk 0.40cvss 7.3epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, which were ignored. This could allow network masks to accept larger networks. …

  • CVE-2017-10789MedJul 1, 2017
    risk 0.39cvss 5.9epss 0.02

    The DBD::mysql module through 4.043 for Perl uses the mysql_ssl=1 setting to mean that SSL is optional (even though this setting's documentation has a "your communication with the server will be encrypted" statement), which allows man-in-the-middle attackers to spoof servers via…

  • CVE-2014-5509MedJan 8, 2018
    risk 0.36cvss 5.5epss 0.00

    clipedit in the Clipboard module for Perl allows local users to delete arbitrary files via a symlink attack on /tmp/clipedit$$.

  • CVE-1999-1386MedDec 31, 1999
    risk 0.36cvss 5.5epss 0.00

    Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

  • CVE-2026-49940MedJun 4, 2026
    risk 0.35cvss 6.5epss 0.00

    Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This could allow network masks to accept larger networks.

  • CVE-2024-55918MedDec 13, 2024
    risk 0.34cvss 5.3epss 0.01

    An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a file in the current working directory.

  • CVE-2016-1249MedFeb 17, 2017
    risk 0.32cvss 5.9epss 0.02

    The DBD::mysql module before 4.039 for Perl, when using server-side prepared statement support, allows attackers to cause a denial of service (out-of-bounds read) via vectors involving an unaligned number of placeholders in WHERE condition and output fields in SELECT expression.

  • CVE-2025-40909MedMay 30, 2025
    risk 0.31cvss 5.9epss 0.00

    Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which…

  • CVE-2015-8326MedJun 7, 2017
    risk 0.29cvss 5.5epss 0.00

    The IPTables-Parse module before 1.6 for Perl allows local users to write to arbitrary files owned by the current user.

  • CVE-2011-3597Jan 13, 2012
    risk 0.04cvss epss 0.14

    Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor.

  • CVE-2011-0761May 13, 2011
    risk 0.04cvss epss 0.09

    Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir…

  • CVE-2011-1487Apr 11, 2011
    risk 0.04cvss epss 0.09

    The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass…

  • CVE-2008-3285Jul 24, 2008
    risk 0.04cvss epss 0.07

    The Filesys::SmbClientParser module 2.7 and earlier for Perl allows remote SMB servers to execute arbitrary code via a folder name containing shell metacharacters.

Page 1 of 3