Package details: pkg:deb/ubuntu/perl@5.18.1-4build1
purl pkg:deb/ubuntu/perl@5.18.1-4build1
Next non-vulnerable version 5.30.0-9ubuntu0.2
Latest non-vulnerable version 5.30.0-9ubuntu0.2
Risk 4.4
Vulnerabilities affecting this package (22)
Vulnerability Summary Fixed by
VCID-7w1f-hvwz-aaad
Aliases:
CVE-2013-7422
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
5.18.2-2ubuntu1.1
Affected by 18 other vulnerabilities.
VCID-9xrd-cjuq-aaar
Aliases:
CVE-2018-18314
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
5.18.2-2ubuntu1.6
Affected by 16 other vulnerabilities.
5.26.1-6ubuntu0.3
Affected by 4 other vulnerabilities.
VCID-9zrq-ua73-aaab
Aliases:
CVE-2018-6798
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
5.22.1-9ubuntu0.3
Affected by 10 other vulnerabilities.
VCID-epzc-jbyc-aaaj
Aliases:
CVE-2016-2381
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
5.18.2-2ubuntu1.1
Affected by 18 other vulnerabilities.
5.22.1-8
Affected by 18 other vulnerabilities.
VCID-f25f-r3pr-aaaj
Aliases:
CVE-2016-6185
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
5.18.2-2ubuntu1.4
Affected by 15 other vulnerabilities.
5.22.1-9ubuntu0.3
Affected by 10 other vulnerabilities.
VCID-feh5-kr1b-aaas
Aliases:
CVE-2018-6797
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
5.22.1-9ubuntu0.3
Affected by 10 other vulnerabilities.
VCID-gm28-pvhz-aaap
Aliases:
CVE-2015-8607
The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
5.18.2-2ubuntu1
Affected by 21 other vulnerabilities.
VCID-gxwj-pauu-aaab
Aliases:
CVE-2018-12015
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
5.18.2-2ubuntu1.6
Affected by 16 other vulnerabilities.
5.26.1-6ubuntu0.1
Affected by 8 other vulnerabilities.
VCID-hj5k-3r77-aaah
Aliases:
CVE-2016-1238
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
5.24.1-2ubuntu1
Affected by 9 other vulnerabilities.
VCID-j9vg-x3e1-aaah
Aliases:
CVE-2020-10543
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
5.30.0-9ubuntu0.2
Affected by 0 other vulnerabilities.
VCID-jzw2-ex7e-aaar
Aliases:
CVE-2015-8853
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
5.18.2-2ubuntu1.4
Affected by 15 other vulnerabilities.
5.22.1-9
Affected by 17 other vulnerabilities.
VCID-nj9u-9t22-aaah
Aliases:
CVE-2018-18313
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
5.18.2-2ubuntu1.7
Affected by 17 other vulnerabilities.
5.26.1-6ubuntu0.3
Affected by 4 other vulnerabilities.
VCID-ns93-adpj-aaap
Aliases:
CVE-2020-12723
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
5.30.0-9ubuntu0.2
Affected by 0 other vulnerabilities.
VCID-qyke-2pcv-aaac
Aliases:
CVE-2017-12837
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
5.18.2-2ubuntu1.3
Affected by 17 other vulnerabilities.
5.22.1-9ubuntu0.2
Affected by 15 other vulnerabilities.
VCID-sk12-259u-aaaf
Aliases:
CVE-2020-10878
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
5.30.0-9ubuntu0.2
Affected by 0 other vulnerabilities.
VCID-t2za-x4m7-aaae
Aliases:
CVE-2018-18311
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
5.18.2-2ubuntu1.7
Affected by 17 other vulnerabilities.
5.26.1-6ubuntu0.3
Affected by 4 other vulnerabilities.
VCID-tzz4-cwn6-aaab
Aliases:
CVE-2014-4330
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
5.18.2-2ubuntu1.1
Affected by 18 other vulnerabilities.
VCID-uebz-3mp3-aaaj
Aliases:
CVE-2017-6512
Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
5.18.2-2ubuntu1.4
Affected by 15 other vulnerabilities.
5.22.1-9ubuntu0.3
Affected by 10 other vulnerabilities.
VCID-uqwt-sjy8-aaae
Aliases:
CVE-2018-18312
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
5.18.2-2ubuntu1.6
Affected by 16 other vulnerabilities.
5.26.1-6ubuntu0.3
Affected by 4 other vulnerabilities.
VCID-x6nw-5wtg-aaaa
Aliases:
CVE-2021-36770
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
5.30.0-9ubuntu0.2
Affected by 0 other vulnerabilities.
VCID-y2x8-vwzs-aaaf
Aliases:
CVE-2018-6913
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
5.18.2-2ubuntu1.4
Affected by 15 other vulnerabilities.
5.22.1-9ubuntu0.3
Affected by 10 other vulnerabilities.
VCID-zvnn-5q6n-aaaj
Aliases:
CVE-2017-12883
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
5.18.2-2ubuntu1.3
Affected by 17 other vulnerabilities.
5.22.1-9ubuntu0.2
Affected by 15 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.
