Security Advisories (1)

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

NAME

PerlIO::encoding - encoding layer

SYNOPSIS

use PerlIO::encoding;

open($f, "<:encoding(foo)", "infoo");
open($f, ">:encoding(bar)", "outbar");

use Encode qw(:fallbacks);
$PerlIO::encoding::fallback = FB_PERLQQ;

DESCRIPTION

This PerlIO layer opens a filehandle with a transparent encoding filter.

On input, it converts the bytes expected to be in the specified character set and encoding to Perl string data (Unicode and Perl's internal Unicode encoding, UTF-8). On output, it converts Perl string data into the specified character set and encoding.

When the layer is pushed, the current value of $PerlIO::encoding::fallback is saved and used as the CHECK argument when calling the Encode methods encode() and decode().

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

SEE ALSO

Module Install Instructions

Keyboard Shortcuts