Security Advisories (1)

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

NAME

pod/buildtoc - Generate table of contents

DESCRIPTION

This program generates a table of contents for the documentation included in the Perl core distribution. This table of contents takes two forms:

1 pod/perltoc.pod: A file in Perl's Plain Old Documentation (POD) format found in the pod/ directory in the core distribution. Once Perl is installed, this file becomes accessible system-wide via perldoc perltoc.
2 pod/roffitall: A shell script originally written by Tom Christiansen and Raphael Manfredi, also found in the pod/ directory, which can be used to translate Perl documentation into man pages.

USAGE

This program will typically not need to be called directly by a user. Rather, it is one of the last commands invoked during make test_prep:

./perl -Ilib -I. -f pod/buildtoc -q

The only command-line switch is -q|--quiet, which quiets some non-critical warnings.

Diagnosing Problems

This program requires Porting/pod_lib.pl and makes use of several subroutines found in that file: get_pod_metadata() and pods_to_install() in particular. Consequently, any warnings or exceptions you see when this program is running may be being passed through from those subroutines. You may have to (a) examine those subroutines and/or (b) run that program from the command-line to fully understand what is causing such warnings or exceptions.

AUTHORS and MAINTENANCE

This program was introduced into the Perl 5 core distribution by Andy Dougherty, based on earlier work by Tom Christiansen. It is maintained by the Perl 5 Porters.

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

USAGE

Diagnosing Problems

AUTHORS and MAINTENANCE

Module Install Instructions

Keyboard Shortcuts