/ 
perl5.004
River stage five • 12010 direct dependents • 33600 total dependents
Security Advisories (29)
CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2010-1158 (2010-04-20)

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVE-2009-3626 (2009-10-29)

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVE-2008-1927 (2008-04-24)

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

CVE-2005-3962 (2005-12-01)

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE-2007-5116 (2007-11-07)

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-1999-1386 (1999-12-31)

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-1999-0462 (1999-03-17)

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.

CVE-2000-0703 (2000-10-20)

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

Documentation

Install
Pumpkin
Notes on handling the Perl Patch Pumpkin
Config
access Perl configuration information
installhtml
converts a collection of POD pages to HTML format.
xsubpp
compiler to convert Perl XS code into C code
perlplan9
Plan 9-specific documentation for Perl
perl
Practical Extraction and Report Language
perlapio
perl's IO abstraction interface.
perlbook
Perl book information
perlbot
Bag'o Object Tricks (the BOT)
perlcall
Perl calling conventions from C
perldata
Perl data types
perldebug
Perl debugging
perldelta
what's new for perl5.004
perldiag
various Perl diagnostics
perldsc
Perl Data Structures Cookbook
perlembed
how to embed perl in your C program
perlfaq
frequently asked questions about Perl ($Date: 1997/04/24 22:46:06 $)
perlfaq1
General Questions About Perl ($Revision: 1.12 $, $Date: 1997/04/24 22:43:34 $)
perlfaq2
Obtaining and Learning about Perl ($Revision: 1.16 $, $Date: 1997/04/23 18:04:09 $)
perlfaq3
Programming Tools ($Revision: 1.22 $, $Date: 1997/04/24 22:43:42 $)
perlfaq4
Data Manipulation ($Revision: 1.19 $, $Date: 1997/04/24 22:43:57 $)
perlfaq5
Files and Formats ($Revision: 1.22 $, $Date: 1997/04/24 22:44:02 $)
perlfaq6
Regexps ($Revision: 1.17 $, $Date: 1997/04/24 22:44:10 $)
perlfaq7
Perl Language Issues ($Revision: 1.18 $, $Date: 1997/04/24 22:44:14 $)
perlfaq8
System Interaction ($Revision: 1.21 $, $Date: 1997/04/24 22:44:19 $)
perlfaq9
Networking ($Revision: 1.16 $, $Date: 1997/04/23 18:12:06 $)
perlform
Perl formats
perlfunc
Perl builtin functions
perlguts
Perl's Internal Functions
perlipc
Perl interprocess communication (signals, fifos, pipes, safe subprocesses, sockets, and semaphores)
perllocale
Perl locale handling (internationalization and localization)
perlLoL
Manipulating Lists of Lists in Perl
perlmod
Perl modules (packages and symbol tables)
perlmodlib
constructing new Perl modules and finding existing ones
perlobj
Perl objects
perlop
Perl operators and precedence
perlpod
plain old documentation
perlre
Perl regular expressions
perlref
Perl references and nested data structures
perlrun
how to execute the Perl interpreter
perlsec
Perl security
perlstyle
Perl style guide
perlsub
Perl subroutines
perlsyn
Perl syntax
perltie
how to hide an object class in a simple variable
perltoc
perl documentation table of contents
perltoot
Tom's object-oriented tutorial for perl
perltrap
Perl traps for the unwary
perlvar
Perl predefined variables
perlxs
XS language reference manual
perlXStut
Tutorial for XSUBs
pod2html
convert .pod files to .html files
pod2man
translate embedded Perl pod directives into man pages
h2ph
convert .h C header files to .ph Perl header files
h2xs
convert .h C header files to Perl extensions
perlbug
how to submit bug reports on Perl
perldoc
Look up Perl documentation in pod format.
pl2pm
Rough tool to translate Perl4 .pl files to Perl5 .pm modules.
perlvms
VMS-specific documentation for Perl
a2p
Awk to Perl translator
s2p
Sed to Perl translator

Modules

DB_File
Perl5 access to Berkeley DB
DynaLoader
Dynamically load C libraries into Perl code
Fcntl
load the C Fcntl.h defines
GDBM_File
Perl5 access to the gdbm library.
IO
load various IO modules
IO::File
supply object methods for filehandles
IO::Handle
supply object methods for I/O handles
IO::Pipe
supply object methods for pipes
IO::Seekable
supply seek based methods for I/O objects
IO::Select
OO interface to the select system call
IO::Socket
Object interface to socket communications
NDBM_File
Tied access to ndbm files
ODBM_File
Tied access to odbm files
Opcode
Disable named opcodes when compiling perl code
Safe
Compile and execute code in restricted compartments
ops
Perl pragma to restrict unsafe operations when compiling
POSIX
Perl interface to IEEE Std 1003.1
SDBM_File
Tied access to sdbm files
AnyDBM_File
provide framework for multiple DBMs
AutoLoader
load subroutines only on demand
AutoSplit
split a package for autoloading
Benchmark
benchmark running times of code
Bundle::CPAN
A bundle to play with all the other modules on CPAN
CGI
Simple Common Gateway Interface Class
CGI::Apache
Make things work with CGI.pm against Perl-Apache API
CGI::Carp
CGI routines for writing to the HTTPD (or other) error log
CGI::Fast
CGI Interface for Fast CGI
CGI::Push
Simple Interface to Server Push
CGI::Switch
Try more than one constructors and return the first object available
CPAN
query, download and build perl modules from CPAN sites
CPAN::FirstTime
Utility for CPAN::Config file Initialization
CPAN::Nox
Wrapper around CPAN.pm without using any XS module
Carp
warn of errors (from perspective of caller)
Class::Struct
declare struct-like datatypes as Perl classes
Cwd
get pathname of current working directory
Devel::SelfStubber
generate stubs for a SelfLoading module
DirHandle
supply object methods for directory handles
English
use nice English (or awk) names for ugly punctuation variables
Env
perl module that imports environment variables
Exporter
Implements default import method for modules
ExtUtils::Command
utilities to replace common UNIX commands in Makefiles etc.
ExtUtils::Embed
Utilities for embedding Perl in C/C++ applications
ExtUtils::Install
install files from here to there
ExtUtils::Liblist
determine libraries to use and how to use them
ExtUtils::MM_OS2
methods to override UN*X behaviour in ExtUtils::MakeMaker
ExtUtils::MM_Unix
methods used by ExtUtils::MakeMaker
ExtUtils::MM_VMS
methods to override UN*X behaviour in ExtUtils::MakeMaker
ExtUtils::MM_Win32
methods to override UN*X behaviour in ExtUtils::MakeMaker
ExtUtils::MakeMaker
create an extension Makefile
ExtUtils::Manifest
utilities to write and check a MANIFEST file
ExtUtils::Mkbootstrap
make a bootstrap file for use by DynaLoader
ExtUtils::Mksymlists
write linker options files for dynamic extension
ExtUtils::testlib
add blib/* directories to @INC
File::Basename
split a pathname into pieces
File::CheckTree
run many filetest checks on a tree
File::Compare
Compare files or filehandles
File::Copy
Copy files or filehandles
File::Find
traverse a file tree
File::Path
create or remove a series of directories
File::stat
by-name interface to Perl's built-in stat() functions
FileCache
keep more files open than the system permits
FileHandle
supply object methods for filehandles
FindBin
Locate directory of original perl script
Getopt::Long
extended processing of command line options
Getopt::Std
Process single-character switches with switch clustering
I18N::Collate
compare 8-bit scalar data according to the current locale
Math::BigFloat
Arbitrary length float math package
Math::BigInt
Arbitrary size integer math package
Math::Complex
complex numbers and associated mathematical functions
Math::Trig
trigonometric functions
Net::Ping
check a remote host for reachability
Net::hostent
by-name interface to Perl's built-in gethost*() functions
Net::netent
by-name interface to Perl's built-in getnet*() functions
Net::protoent
by-name interface to Perl's built-in getproto*() functions
Net::servent
by-name interface to Perl's built-in getserv*() functions
Pod::Html
module to convert pod files to HTML
Pod::Text
convert POD data to formatted ASCII text
SelectSaver
save and restore selected file handle
SelfLoader
load functions only on demand
Shell
run shell commands transparently within perl
Symbol
manipulate Perl symbols and their names
Sys::Hostname
Try every conceivable way to get hostname
Term::Cap
Perl termcap interface
Term::Complete
Perl word completion module
Term::ReadLine
Perl interface to various readline packages. If no real package is found, substitutes stubs instead of basic functions.
Test::Harness
run perl standard test scripts with statistics
Text::Abbrev
create an abbreviation table from a list
Text::ParseWords
parse text into an array of tokens
Text::Soundex
Implementation of the Soundex Algorithm as Described by Knuth
Text::Tabs
expand and unexpand tabs per the unix expand(1) and unexpand(1)
Text::Wrap
line wrapping to form simple paragraphs
Tie::RefHash
use references as hash keys
Tie::SubstrHash
Fixed-table-size, fixed-key-length hashing
Time::Local
efficiently compute time from local and GMT time
Time::gmtime
by-name interface to Perl's built-in gmtime() function
Time::localtime
by-name interface to Perl's built-in localtime() function
Time::tm
internal object used by Time::gmtime and Time::localtime
UNIVERSAL
base class for ALL classes (blessed references)
User::grent
by-name interface to Perl's built-in getgr*() functions
User::pwent
by-name interface to Perl's built-in getpw*() functions
autouse
postpone load of modules until a function is used
blib
Use MakeMaker's uninstalled version of a package
constant
Perl pragma to declare constants
diagnostics
Perl compiler pragma to force verbose warning diagnostics
integer
Perl pragma to compute arithmetic in integer instead of double
less
perl pragma to request less of something from the compiler
lib
manipulate @INC at compile time
locale
Perl pragma to use and avoid POSIX locales for built-in operations
overload
Package for overloading perl operations
sigtrap
Perl pragma to enable simple signal handling
strict
Perl pragma to restrict unsafe constructs
subs
Perl pragma to predeclare sub names
vars
Perl pragma to predeclare global variable names
OS2::ExtAttr
Perl access to extended attributes.
OS2::PrfDB
Perl extension for access to OS/2 setting database.
OS2::Process
exports constants for system() call on OS2.
OS2::REXX
access to DLLs with REXX calling convention and REXX runtime.
VMS::DCLsym
Perl extension to manipulate DCL symbols
VMS::Filespec
convert between VMS and Unix file specification syntax
VMS::Stdio
ExtUtils::XSSymSet
keep sets of symbol names palatable to the VMS linker
vmsish
Perl pragma to control VMS-specific language features

Provides

CGI::Apache::MultipartBuffer
in lib/CGI/Apache.pm
CPAN::Author
in lib/CPAN.pm
CPAN::Bundle
in lib/CPAN.pm
CPAN::CacheMgr
in lib/CPAN.pm
CPAN::Complete
in lib/CPAN.pm
CPAN::Config
in lib/CPAN.pm
CPAN::Debug
in lib/CPAN.pm
CPAN::Distribution
in lib/CPAN.pm
CPAN::Eval
in lib/CPAN.pm
CPAN::FTP
in lib/CPAN.pm
CPAN::FTP::netrc
in lib/CPAN.pm
CPAN::Index
in lib/CPAN.pm
CPAN::InfoObj
in lib/CPAN.pm
CPAN::Mirrored::By
in lib/CPAN/FirstTime.pm
CPAN::Module
in lib/CPAN.pm
CPAN::Shell
in lib/CPAN.pm
Class::Struct::Tie_ISA
in lib/Class/Struct.pm
DB_File::BTREEINFO
in ext/DB_File/DB_File.pm
DB_File::HASHINFO
in ext/DB_File/DB_File.pm
DB_File::RECNOINFO
in ext/DB_File/DB_File.pm
DynaLoader
in lib/ExtUtils/Mkbootstrap.pm
ExtUtils::Install::Warn
in lib/ExtUtils/Install.pm
ExtUtils::Liblist
in lib/ExtUtils/MakeMaker.pm
IO::Pipe::End
in ext/IO/lib/IO/Pipe.pm
IO::Socket::INET
in ext/IO/lib/IO/Socket.pm
IO::Socket::UNIX
in ext/IO/lib/IO/Socket.pm
IPC::Open2
in lib/IPC/Open2.pm
IPC::Open3
in lib/IPC/Open3.pm
MM
in lib/ExtUtils/MakeMaker.pm
MY
in lib/ExtUtils/MakeMaker.pm
MultipartBuffer
in lib/CGI.pm
OS2::PrfDB::Hini
in os2/OS2/PrfDB/PrfDB.pm
OS2::PrfDB::Sub
in os2/OS2/PrfDB/PrfDB.pm
OS2::REXX::_ARRAY
in os2/OS2/REXX/REXX.pm
OS2::REXX::_HASH
in os2/OS2/REXX/REXX.pm
OS2::REXX::_SCALAR
in os2/OS2/REXX/REXX.pm
POSIX::SigAction
in ext/POSIX/POSIX.pm
Pod::Functions
in lib/Pod/Functions.pm
Search::Dict
in lib/Search/Dict.pm
Socket
in ext/Socket/Socket.pm
Sys::Syslog
in lib/Sys/Syslog.pm
TempFile
in lib/CGI.pm
Term::ReadLine::Stub
in lib/Term/ReadLine.pm
Term::ReadLine::TermCap
in lib/Term/ReadLine.pm
Term::ReadLine::Tk
in lib/Term/ReadLine.pm
Tie::Hash
in lib/Tie/Hash.pm
Tie::Scalar
in lib/Tie/Scalar.pm
Tie::StdHash
in lib/Tie/Hash.pm
Tie::StdScalar
in lib/Tie/Scalar.pm
VMS::stdio
in vms/ext/Stdio/Stdio.pm

Examples

Other files