Security Advisories (2)

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

NAME

ptargrep - Apply pattern matching to the contents of files in a tar archive

SYNOPSIS

ptargrep [options] <pattern> <tar file> ...

Options:

 --basename|-b     ignore directory paths from archive
 --ignore-case|-i  do case-insensitive pattern matching
 --list-only|-l    list matching filenames rather than extracting matches
 --verbose|-v      write debugging message to STDERR
 --help|-?         detailed help message

DESCRIPTION

This utility allows you to apply pattern matching to the contents of files contained in a tar archive. You might use this to identify all files in an archive which contain lines matching the specified pattern and either print out the pathnames or extract the files.

The pattern will be used as a Perl regular expression (as opposed to a simple grep regex).

Multiple tar archive filenames can be specified - they will each be processed in turn.

OPTIONS

--basename (alias -b): When matching files are extracted, ignore the directory path from the archive and write to the current directory using the basename of the file from the archive. Beware: if two matching files in the archive have the same basename, the second file extracted will overwrite the first.
--ignore-case (alias -i): Make pattern matching case-insensitive.
--list-only (alias -l): Print the pathname of each matching file from the archive to STDOUT. Without this option, the default behaviour is to extract each matching file.
--verbose (alias -v): Log debugging info to STDERR.
--help (alias -?): Display this documentation.

COPYRIGHT

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

DESCRIPTION

OPTIONS

COPYRIGHT

Module Install Instructions

Keyboard Shortcuts