
CVE-2025-40909 – Perl threads have a working directory race condition where file operations may target unintended paths
https://notcve.org/view.php?id=CVE-2025-40909
30 May 2025 — Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced ... • https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-426: Untrusted Search Path •

CVE-2024-56406 – Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
https://notcve.org/view.php?id=CVE-2024-56406
13 Apr 2025 — A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on pl... • https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-47039 – Perl: perl for windows binary hijacking vulnerability
https://notcve.org/view.php?id=CVE-2023-47039
02 Jan 2024 — A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permis... • https://access.redhat.com/security/cve/CVE-2023-47039 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2023-47100
https://notcve.org/view.php?id=CVE-2023-47100
02 Dec 2023 — In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0. En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcción de expresión regular \p{...} está mal manejado. La primera versión afectada es la 5.30.0. • https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 • CWE-755: Improper Handling of Exceptional Conditions •

CVE-2023-47038 – Perl: write past buffer end via illegal user-defined unicode property
https://notcve.org/view.php?id=CVE-2023-47038
27 Nov 2023 — A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer. Se encontró una vulnerabilidad en Perl. Este problema ocurre cuando Perl compila una expresión regular manipulada, lo que puede permitir que un atacante controle el desbordamiento de búfer de bytes en un búfer asignado en el almacenamiento dinámico. It was discovered that Perl incorrectly hand... • https://access.redhat.com/errata/RHSA-2024:2228 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •

CVE-2022-48522 – Ubuntu Security Notice USN-6517-1
https://notcve.org/view.php?id=CVE-2022-48522
22 Aug 2023 — In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. En Perl 5.34.0, la función S_find_uninit_var en sv.c tiene un bloqueo basado en pila que puede conducir a la ejecución remota de código o a la escalada de privilegios locales. It was discovered that Perl incorrectly handled printing certain warning messages. An attacker could possibly use this issue to cause Perl to consume resources, leading to a denial of service... • https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 • CWE-787: Out-of-bounds Write •

CVE-2023-31484 – perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS
https://notcve.org/view.php?id=CVE-2023-31484
28 Apr 2023 — CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. A flaw was found in Perl's CPAN, which doesn't check TLS certificates when downloading content. This happens due to `verify_SSL` missing when suing the `HTTP::Tiny` library during the connection. This may allow an attacker to inject into the network path and perform a Man-In-The-Middle attack, causing confidentiality or integrity issues. USN-6112-1 fixed vulnerabilities in Perl. • http://www.openwall.com/lists/oss-security/2023/04/29/1 • CWE-295: Improper Certificate Validation •

CVE-2023-31486 – http-tiny: insecure TLS cert default
https://notcve.org/view.php?id=CVE-2023-31486
28 Apr 2023 — HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. A vulnerability was found in Tiny, where a Perl core module and standalone CPAN package, does not verify TLS certificates by default. Users need to explicitly enable certificate verification with the verify_SSL=>1 flag to ensure secure HTTPS connections. This oversight can potentially expose applications to man-in-the-middle (MIT... • http://www.openwall.com/lists/oss-security/2023/04/29/1 • CWE-295: Improper Certificate Validation CWE-1188: Initialization of a Resource with an Insecure Default •

CVE-2021-36770 – Gentoo Linux Security Advisory 202411-09
https://notcve.org/view.php?id=CVE-2021-36770
10 Aug 2021 — Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. Encode.pm, distribuido en Perl versiones hasta 5.34.0, permite a usuarios loc... • https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 • CWE-427: Uncontrolled Search Path Element •

CVE-2020-12723 – perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS
https://notcve.org/view.php?id=CVE-2020-12723
05 Jun 2020 — regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del búfer por medio de una expresión regular diseñada debido a llamadas recursivas de la función S_study_chunk ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use... • http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-185: Incorrect Regular Expression •