Package details: pkg:deb/ubuntu/perl@5.22.1-9ubuntu0.3
purl: pkg:deb/ubuntu/perl@5.22.1-9ubuntu0.3
Next non-vulnerable version: 5.30.0-9ubuntu0.2
Latest non-vulnerable version: 5.30.0-9ubuntu0.2
Risk: 4.4
Vulnerabilities affecting this package (10)
VCID-9xrd-cjuq-aaar
Aliases: CVE-2018-18314
Summary: Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Fixed by: 5.26.1-6ubuntu0.3 (affected by 4 other vulnerabilities)

VCID-gxwj-pauu-aaab
Aliases: CVE-2018-12015
Summary: In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Fixed by: 5.26.1-6ubuntu0.1 (affected by 8 other vulnerabilities)

VCID-hj5k-3r77-aaah
Aliases: CVE-2016-1238
Summary: (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
Fixed by: 5.24.1-2ubuntu1 (affected by 9 other vulnerabilities)

VCID-j9vg-x3e1-aaah
Aliases: CVE-2020-10543
Summary: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
Fixed by: 5.30.0-9ubuntu0.2 (affected by 0 other vulnerabilities)

VCID-nj9u-9t22-aaah
Aliases: CVE-2018-18313
Summary: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
Fixed by: 5.26.1-6ubuntu0.3 (affected by 4 other vulnerabilities)

VCID-ns93-adpj-aaap
Aliases: CVE-2020-12723
Summary: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
Fixed by: 5.30.0-9ubuntu0.2 (affected by 0 other vulnerabilities)

VCID-sk12-259u-aaaf
Aliases: CVE-2020-10878
Summary: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
Fixed by: 5.30.0-9ubuntu0.2 (affected by 0 other vulnerabilities)

VCID-t2za-x4m7-aaae
Aliases: CVE-2018-18311
Summary: Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Fixed by: 5.26.1-6ubuntu0.3 (affected by 4 other vulnerabilities)

VCID-uqwt-sjy8-aaae
Aliases: CVE-2018-18312
Summary: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
Fixed by: 5.26.1-6ubuntu0.3 (affected by 4 other vulnerabilities)

VCID-x6nw-5wtg-aaaa
Aliases: CVE-2021-36770
Summary: Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
Fixed by: 5.30.0-9ubuntu0.2 (affected by 0 other vulnerabilities)

Vulnerabilities fixed by this package (5)
VCID-9zrq-ua73-aaab
Aliases: CVE-2018-6798
Summary: An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

VCID-f25f-r3pr-aaaj
Aliases: CVE-2016-6185
Summary: The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

VCID-feh5-kr1b-aaas
Aliases: CVE-2018-6797
Summary: An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

VCID-uebz-3mp3-aaaj
Aliases: CVE-2017-6512
Summary: Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.

VCID-y2x8-vwzs-aaaf
Aliases: CVE-2018-6913
Summary: Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
