Security Advisories (2)

CVE-2026-4176 (2026-03-29)

Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compress::Raw::Zlib. Compress::Raw::Zlib is included in the Perl package as a dual-life core module, and is vulnerable to CVE-2026-3381 due to a vendored version of zlib which has several vulnerabilities, including CVE-2026-27171. The bundled Compress::Raw::Zlib was updated to version 2.221 in Perl blead commit c75ae9cc164205e1b6d6dbd57bd2c65c8593fe94.

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

NAME

TAP::Parser::SourceHandler::RawTAP - Stream output from raw TAP in a scalar/array ref.

VERSION

Version 3.50

SYNOPSIS

use TAP::Parser::Source;
use TAP::Parser::SourceHandler::RawTAP;

my $source = TAP::Parser::Source->new->raw( \"1..1\nok 1\n" );
$source->assemble_meta;

my $class = 'TAP::Parser::SourceHandler::RawTAP';
my $vote  = $class->can_handle( $source );
my $iter  = $class->make_iterator( $source );

DESCRIPTION

This is a raw TAP output TAP::Parser::SourceHandler - it has 2 jobs:

1. Figure out if the TAP::Parser::Source it's given is raw TAP output ("can_handle").

2. Creates an iterator for raw TAP output ("make_iterator").

Unless you're writing a plugin or subclassing TAP::Parser, you probably won't need to use this module directly.

METHODS

Class Methods

`can_handle`

my $vote = $class->can_handle( $source );

Only votes if $source is an array, or a scalar with newlines. Casts the following votes:

0.9  if it's a scalar with '..' in it
0.7  if it's a scalar with 'ok' in it
0.3  if it's just a scalar with newlines
0.5  if it's an array

`make_iterator`

my $iterator = $class->make_iterator( $source );

Returns a new TAP::Parser::Iterator::Array for the source. $source->raw must be an array ref, or a scalar ref.

croaks on error.

SUBCLASSING

Please see "SUBCLASSING" in TAP::Parser for a subclassing overview.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

VERSION

SYNOPSIS

DESCRIPTION

METHODS

Class Methods

can_handle

make_iterator

SUBCLASSING

SEE ALSO

Module Install Instructions

Keyboard Shortcuts

`can_handle`

`make_iterator`