CVE-2015-8608

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

• https://rt.perl.org/Public/Bug/Display.html?id=126755
• https://github.com/Perl/perl5/issues/15067
• https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.24.0

Severity: critical

Reported: 2017-02-07

CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

• http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html
• http://www.securityfocus.com/bid/49858
• http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
• http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
• http://secunia.com/advisories/46172
• https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
• https://bugzilla.redhat.com/show_bug.cgi?id=742987

Reported: 2012-12-21

CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

• https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
• https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
• https://github.com/Perl/perl5/issues/16947
• https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a
• https://github.com/Perl/perl5/issues/17743
• https://security.netapp.com/advisory/ntap-20200611-0001/
• https://security.gentoo.org/glsa/202006-03
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html

Fixed version: >=5.30.3

Severity: high

Reported: 2020-06-05

CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

• https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
• https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c
• https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8
• https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
• https://security.netapp.com/advisory/ntap-20200611-0001/
• https://security.gentoo.org/glsa/202006-03
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html

Fixed version: >=5.30.3

Severity: high

Reported: 2020-06-05

CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

• https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3
• https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed
• https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod
• https://security.netapp.com/advisory/ntap-20200611-0001/
• https://security.gentoo.org/glsa/202006-03
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
• http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html
• https://www.oracle.com/security-alerts/cpuoct2020.html
• https://www.oracle.com/security-alerts/cpujan2021.html
• https://www.oracle.com/security-alerts/cpuApr2021.html
• https://www.oracle.com//security-alerts/cpujul2021.html
• https://www.oracle.com/security-alerts/cpuoct2021.html
• https://www.oracle.com/security-alerts/cpujan2022.html
• https://www.oracle.com/security-alerts/cpuapr2022.html

Fixed version: >=5.30.3

Severity: high

Reported: 2020-06-05

CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

• https://www.debian.org/security/2018/dsa-4172
• https://rt.perl.org/Public/Bug/Display.html?id=131844
• https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html
• http://www.securitytracker.com/id/1040681
• https://usn.ubuntu.com/3625-2/
• https://usn.ubuntu.com/3625-1/
• http://www.securityfocus.com/bid/103953
• https://security.gentoo.org/glsa/201909-01
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.26.2

Severity: critical

Reported: 2018-04-17

CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

• https://www.debian.org/security/2018/dsa-4347
• https://rt.perl.org/Ticket/Display.html?id=131649
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
• https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f
• https://bugzilla.redhat.com/show_bug.cgi?id=1646751
• http://www.securitytracker.com/id/1042181
• https://usn.ubuntu.com/3834-1/
• http://www.securityfocus.com/bid/106145
• https://access.redhat.com/errata/RHSA-2019:0010
• https://access.redhat.com/errata/RHSA-2019:0001
• https://security.netapp.com/advisory/ntap-20190221-0003/
• https://security.gentoo.org/glsa/201909-01
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.26.3

Severity: critical

Reported: 2018-12-07

CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

• https://www.debian.org/security/2018/dsa-4347
• https://usn.ubuntu.com/3834-2/
• https://rt.perl.org/Ticket/Display.html?id=133192
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
• https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62
• https://bugzilla.redhat.com/show_bug.cgi?id=1646738
• http://www.securitytracker.com/id/1042181
• https://usn.ubuntu.com/3834-1/
• https://access.redhat.com/errata/RHSA-2019:0010
• https://access.redhat.com/errata/RHSA-2019:0001
• https://security.netapp.com/advisory/ntap-20190221-0003/
• https://support.apple.com/kb/HT209600
• https://seclists.org/bugtraq/2019/Mar/42
• http://seclists.org/fulldisclosure/2019/Mar/49
• https://security.gentoo.org/glsa/201909-01
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.26.3

Severity: critical

Reported: 2018-12-07

CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

• https://www.debian.org/security/2018/dsa-4347
• https://rt.perl.org/Public/Bug/Display.html?id=133423
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
• https://bugzilla.redhat.com/show_bug.cgi?id=1646734
• http://www.securitytracker.com/id/1042181
• https://usn.ubuntu.com/3834-1/
• http://www.securityfocus.com/bid/106179
• https://access.redhat.com/errata/RHSA-2019:0010
• https://access.redhat.com/errata/RHSA-2019:0001
• https://security.netapp.com/advisory/ntap-20190221-0003/
• https://security.gentoo.org/glsa/201909-01
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.28.1

Severity: critical

Reported: 2018-12-05

CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

• https://www.debian.org/security/2018/dsa-4347
• https://usn.ubuntu.com/3834-2/
• https://rt.perl.org/Ticket/Display.html?id=133204
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/
• https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html
• https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be
• https://bugzilla.redhat.com/show_bug.cgi?id=1646730
• http://www.securitytracker.com/id/1042181
• https://usn.ubuntu.com/3834-1/
• http://www.securityfocus.com/bid/106145
• https://access.redhat.com/errata/RHSA-2019:0010
• https://access.redhat.com/errata/RHSA-2019:0001
• https://access.redhat.com/errata/RHSA-2019:0109
• https://security.netapp.com/advisory/ntap-20190221-0003/
• https://support.apple.com/kb/HT209600
• https://seclists.org/bugtraq/2019/Mar/42
• http://seclists.org/fulldisclosure/2019/Mar/49
• https://kc.mcafee.com/corporate/index?page=content&id=SB10278
• https://access.redhat.com/errata/RHBA-2019:0327
• https://access.redhat.com/errata/RHSA-2019:1790
• https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
• https://access.redhat.com/errata/RHSA-2019:1942
• https://access.redhat.com/errata/RHSA-2019:2400
• https://security.gentoo.org/glsa/201909-01
• https://www.oracle.com/security-alerts/cpuapr2020.html
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.28.1

Severity: critical

Reported: 2018-12-07

CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape.

• https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1
• https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
• https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1
• https://bugzilla.redhat.com/show_bug.cgi?id=1492093
• http://www.securityfocus.com/bid/100852
• http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch
• https://rt.perl.org/Public/Bug/Display.html?id=131598
• http://www.debian.org/security/2017/dsa-3982
• https://security.netapp.com/advisory/ntap-20180426-0001/
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.26.1

Severity: critical

Reported: 2017-09-19

CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\N{}' escape and the case-insensitive modifier.

• https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1
• https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1
• https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5
• https://bugzilla.redhat.com/show_bug.cgi?id=1492091
• http://www.securityfocus.com/bid/100860
• https://rt.perl.org/Public/Bug/Display.html?id=131582
• http://www.debian.org/security/2017/dsa-3982
• https://security.netapp.com/advisory/ntap-20180426-0001/
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.28.1

Severity: high

Reported: 2017-09-19

CVE-2015-8853

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

• http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html
• http://www.openwall.com/lists/oss-security/2016/04/20/7
• https://bugzilla.redhat.com/show_bug.cgi?id=1329106
• https://rt.perl.org/Public/Bug/Display.html?id=123562
• http://www.openwall.com/lists/oss-security/2016/04/20/5
• http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5
• https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
• http://www.securityfocus.com/bid/86707
• https://security.gentoo.org/glsa/201701-75
• https://usn.ubuntu.com/3625-2/
• https://usn.ubuntu.com/3625-1/

Fixed version: >=5.24.0

Severity: high

Reported: 2016-05-25

CVE-2013-1667

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

• http://www.securityfocus.com/bid/58311
• http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
• http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
• http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
• http://www.debian.org/security/2013/dsa-2641
• http://secunia.com/advisories/52499
• http://secunia.com/advisories/52472
• https://bugzilla.redhat.com/show_bug.cgi?id=912276
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
• http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
• http://osvdb.org/90892
• http://www.ubuntu.com/usn/USN-1770-1
• http://rhn.redhat.com/errata/RHSA-2013-0685.html
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
• http://marc.info/?l=bugtraq&m=137891988921058&w=2
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
• https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771

Fixed version: >=5.26.1

Reported: 2013-03-14

CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

• http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
• https://bugzilla.redhat.com/show_bug.cgi?id=694166
• http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
• https://rt.perl.org/Public/Bug/Display.html?id=76538
• https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
• http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
• http://forums.ocsinventory-ng.org/viewtopic.php?id=7215

Fixed version: >5.14.0

Reported: 2014-02-10

CVE-2012-5195

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

• http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44
• http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
• http://www.securityfocus.com/bid/56287
• http://www.openwall.com/lists/oss-security/2012/10/27/1
• http://secunia.com/advisories/51457
• http://www.openwall.com/lists/oss-security/2012/10/26/2
• http://www.ubuntu.com/usn/USN-1643-1
• http://www.debian.org/security/2012/dsa-2586
• http://rhn.redhat.com/errata/RHSA-2013-0685.html
• http://secunia.com/advisories/55314
• http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
• https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
• http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Fixed version: >=5.16.0

Reported: 2012-12-18

CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/
• http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/
• http://www.openwall.com/lists/oss-security/2016/07/07/1
• http://www.openwall.com/lists/oss-security/2016/07/08/5
• https://rt.cpan.org/Public/Bug/Display.html?id=115808
• http://www.debian.org/security/2016/dsa-3628
• http://www.securitytracker.com/id/1036260
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/
• http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
• http://www.securityfocus.com/bid/91685
• https://security.gentoo.org/glsa/201701-75
• https://usn.ubuntu.com/3625-2/
• https://usn.ubuntu.com/3625-1/

Fixed version: >=5.25.2

Severity: high

Reported: 2016-08-02

CVE-2013-7422

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

• http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
• https://support.apple.com/kb/HT205031
• http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
• http://www.securityfocus.com/bid/75704
• http://www.ubuntu.com/usn/USN-2916-1
• https://security.gentoo.org/glsa/201507-11

Reported: 2015-08-16

CVE-2015-8608

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

• https://rt.perl.org/Public/Bug/Display.html?id=126755
• https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html
• http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html
• https://www.oracle.com/security-alerts/cpujul2020.html

Fixed version: >=5.22.2

Severity: critical

Reported: 2017-02-07