Vulnerabilities > Perl > Perl > 5.22.4

DATE CVE VULNERABILITY TITLE RISK
2018-04-17 CVE-2018-6913 Out-of-bounds Write vulnerability in multiple products
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
network
low complexity
debian perl canonical CWE-787
7.5
7.5
2018-04-17 CVE-2018-6798 Out-of-bounds Read vulnerability in multiple products
An issue was discovered in Perl 5.22 through 5.26.
network
low complexity
debian perl canonical redhat CWE-125
5.0
5.0
2018-04-17 CVE-2018-6797 Out-of-bounds Write vulnerability in multiple products
An issue was discovered in Perl 5.18 through 5.26.
network
low complexity
debian perl canonical redhat CWE-787
7.5
7.5
2017-09-28 CVE-2017-12814 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
network
low complexity
perl microsoft CWE-119
7.5
7.5
2017-09-19 CVE-2017-12883 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
network
low complexity
perl CWE-119
6.4
6.4
2017-09-19 CVE-2017-12837 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Perl
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
network
low complexity
perl CWE-119
5.0
5.0
2016-05-25 CVE-2015-8853 Improper Input Validation vulnerability in multiple products
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
network
low complexity
fedoraproject perl CWE-20
5.0
5.0
2016-04-08 CVE-2016-2381 Improper Input Validation vulnerability in multiple products
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
network
low complexity
perl debian oracle opensuse canonical CWE-20
5.0
5.0