Debian Perl vulnerabilities

73 known vulnerabilities affecting debian/perl.

Total CVEs: 73
CISA KEV: 0
Public exploits: 9
Exploited in wild: 1
Severity breakdown: CRITICAL 8, HIGH 23, MEDIUM 16, LOW 26

Vulnerabilities

Page 2 of 4
CVE-2018-6798 | HIGH | CVSS 7.5 | fixed in perl 5.26.1-6 (bookworm) | 2018
[HIGH] perl - An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
Scope: local; bookworm: resolved (fixed in 5.26.1-6); bullseye: resolved (fixed in 5.26.1-6); forky: resolved (fixed in 5.26.1-6); sid: resolved (fixed in 5.26.1-6); trixie: resolved (fixed in

CVE-2017-12883 | CRITICAL | CVSS 9.1 | fixed in perl 5.26.0-8 (bookworm) | 2017
[CRITICAL] perl - Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
Scope: local; bookworm: resolved (fixed in 5.26.0-8); bullseye: resolved (f

CVE-2017-12837 | HIGH | CVSS 7.5 | fixed in perl 5.26.0-8 (bookworm) | 2017
[HIGH] perl - Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
Scope: local; bookworm: resolved (fixed in 5.26.0-8); bullseye: resolved (fixed in 5.26.0-8); f

CVE-2017-6512 | MEDIUM | CVSS 5.9 | fixed in perl 5.24.1-3 (bookworm) | 2017
[MEDIUM] perl - Race condition in the rmtree and remove_tree functions in the File-Path module before 2.13 for Perl allows attackers to set the mode on arbitrary files via vectors involving directory-permission loosening logic.
Scope: local; bookworm: resolved (fixed in 5.24.1-3); bullseye: resolved (fixed in 5.24.1-3); forky: resolved (fixed in 5.24.1-3); sid: resolved (fixed in 5.24.1-3

CVE-2017-12814 | LOW | CVSS 9.8 | 2017
[CRITICAL] perl - Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved

CVE-2016-2381 | HIGH | CVSS 7.5 | fixed in perl 5.22.1-8 (bookworm) | 2016
[HIGH] perl - Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Scope: local; bookworm: resolved (fixed in 5.22.1-8); bullseye: resolved (fixed in 5.22.1-8); forky: resolved (fixed in 5.22.1-8); sid: resolved (fixed in 5.22.1-8); trixie: resolved (fixed in 5.22.1-8)

CVE-2016-1238 | HIGH | CVSS 7.8 | fixed in perl 5.22.2-3 (bookworm) | 2016
[HIGH] perl - (1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/z

CVE-2016-6185 | HIGH | CVSS 7.8 | fixed in perl 5.22.2-2 (bookworm) | 2016
[HIGH] perl - The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Scope: local; bookworm: resolved (fixed in 5.22.2-2); bullseye: resolved (fixed in 5.22.2-2); forky: resolved (fixed in 5.22.2-2); sid: resolved (

CVE-2015-8607 | HIGH | CVSS 7.3 | fixed in perl 5.22.1-4 (bookworm) | 2015
[HIGH] perl - The canonpath function in the File::Spec module in PathTools before 3.62, as used in Perl, does not properly preserve the taint attribute of data, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Scope: local; bookworm: resolved (fixed in 5.22.1-4); bullseye: resolved (fixed in 5.22.1-4); forky: resolved (fixed in

CVE-2015-8853 | HIGH | CVSS 7.5 | fixed in perl 5.22.1-1 (bookworm) | 2015
[HIGH] perl - The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
Scope: local; bookworm: resolved (fixed in 5.22.1-1); bullseye: resolved (fixed in 5.22.1-1); forky: resolved (fixed in 5.22.1-1); sid: resolved

CVE-2015-8608 | LOW | CVSS 9.8 | 2015
[CRITICAL] perl - The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved

CVE-2014-4330 | LOW | CVSS 2.1 | fixed in perl 5.20.1-1 (bookworm) | 2014
[LOW] perl - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
Scope: local; bookworm: resolved (fixed in 5.20.1-1); bullseye: re

CVE-2013-1437 | CRITICAL | CVSS 9.8 | fixed in libmodule-metadata-perl 1.000015-1 (bookworm) | 2013
[CRITICAL] libmodule-metadata-perl - Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code via the $Version value.
Scope: local; bookworm: resolved (fixed in 1.000015-1); bullseye: resolved (fixed in 1.000015-1); forky: resolved (fixed in 1.000015-1); sid: resolved (fixed in 1.000015-1); trixie: resolved (

CVE-2013-7422 | HIGH | CVSS 7.5 | fixed in perl 5.20.0-1 (bookworm) | 2013
[HIGH] perl - Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
Scope: local; bookworm: resolved (fixed in 5.20.0-1); bullseye

CVE-2013-1667 | HIGH | CVSS 7.5 | fixed in perl 5.14.2-19 (bookworm) | 2013
[HIGH] perl - The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Scope: local; bookworm: resolved (fixed in 5.14.2-19); bullseye: resolved (fixed in 5.14.2-19); forky: resolved (fixed in 5.14.2-19); sid: resolved (fixed in 5.14.2-19); trixie: resolved (fixed in 5.14.2-19)

CVE-2012-6329 | HIGH | CVSS 7.5 | PoC | fixed in perl 5.14.2-16 (bookworm) | 2012
[HIGH] perl - The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrat

CVE-2012-5195 | HIGH | CVSS 7.5 | fixed in perl 5.14.2-14 (bookworm) | 2012
[HIGH] perl - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
Scope: local; bookworm: resolved (fixed in 5.14.2-14); bullseye

CVE-2012-5526 | MEDIUM | CVSS 5.0 | fixed in libcgi-pm-perl 3.61-2 (bookworm) | 2012
[MEDIUM] libcgi-pm-perl - CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Scope: local; bookworm: resolved (fixed in 3.61-2); bullseye: resolved (fixed in 3.61-2); forky: resolved (fixed in 3.61-2); sid: resolved (fixed

CVE-2011-4116 | LOW | CVSS 3.3 | 2011
[LOW] perl - _is_safe in the File::Temp module for Perl does not properly handle symlinks.
Scope: local; bookworm: open; bullseye: open; forky: open; sid: open; trixie: open

CVE-2011-2939 | LOW | CVSS 5.1 | fixed in libencode-perl 2.44-1 (bookworm) | 2011
[MEDIUM] libencode-perl - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
Scope: local; bookworm: resolved (fixed in 2.44-1); bullseye: resolve