National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product: cpe:/a:perl:perl
There are 42 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 07, 2018; 04:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

Published: December 07, 2018; 04:29:00 PM -05:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 07, 2018; 04:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

Published: December 05, 2018; 05:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

Published: June 07, 2018; 09:29:00 AM -04:00
V3.0: 7.5 HIGH
    V2: 6.4 MEDIUM
CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

Published: April 17, 2018; 04:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

Published: April 17, 2018; 04:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

Published: April 17, 2018; 04:29:00 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

Published: September 27, 2017; 09:29:01 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

Published: September 19, 2017; 02:29:00 PM -04:00
V3.0: 9.1 CRITICAL
    V2: 6.4 MEDIUM
CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

Published: September 19, 2017; 02:29:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2015-8608

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

Published: February 07, 2017; 10:59:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2016-1246

Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.

Published: October 05, 2016; 12:59:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-6185

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Published: August 02, 2016; 10:59:02 AM -04:00
V3.0: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2016-1238

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Published: August 02, 2016; 10:59:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2015-8853

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

Published: May 25, 2016; 11:59:01 AM -04:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2016-2381

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Published: April 08, 2016; 11:59:05 AM -04:00
V3.0: 6.5 MEDIUM
    V2: 5.0 MEDIUM
CVE-2013-7422

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

Published: August 16, 2015; 07:59:00 PM -04:00
    V2: 7.5 HIGH
CVE-2014-4330

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

Published: September 30, 2014; 12:55:06 PM -04:00
    V2: 2.1 LOW
CVE-2010-4777

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

Published: February 10, 2014; 01:15:08 PM -05:00
    V2: 4.3 MEDIUM