Search for packages
| purl | pkg:deb/ubuntu/perl@5.26.2-4 |
| Next non-vulnerable version | 5.30.0-9ubuntu0.2 |
| Latest non-vulnerable version | 5.30.0-9ubuntu0.2 |
| Risk | 4.0 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-j9vg-x3e1-aaah
Aliases: CVE-2020-10543 |
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. |
Affected by 0 other vulnerabilities. |
|
VCID-ns93-adpj-aaap
Aliases: CVE-2020-12723 |
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. |
Affected by 0 other vulnerabilities. |
|
VCID-sk12-259u-aaaf
Aliases: CVE-2020-10878 |
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. |
Affected by 0 other vulnerabilities. |
|
VCID-x6nw-5wtg-aaaa
Aliases: CVE-2021-36770 |
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|