Security Advisories (21)
CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

NAME

perldoc - Look up Perl documentation in Pod format.

SYNOPSIS

perldoc [-h] [-D] [-t] [-u] [-m] [-l] [-F] [-i] [-V] [-T] [-r] [-ddestination_file] [-oformatname] [-MFormatterClassName] [-wformatteroption:value] [-nnroff-replacement] [-X] [-L language_code] PageName|ModuleName|ProgramName

perldoc -f BuiltinFunction

perldoc -L it -f BuiltinFunction

perldoc -q FAQ Keyword

perldoc -L fr -q FAQ Keyword

perldoc -v PerlVariable

See below for more description of the switches.

DESCRIPTION

perldoc looks up a piece of documentation in .pod format that is embedded in the perl installation tree or in a perl script, and displays it via pod2man | nroff -man | $PAGER. (In addition, if running under HP-UX, col -x will be used.) This is primarily used for the documentation for the perl library modules.

Your system may also have man pages installed for those modules, in which case you can probably just use the man(1) command.

If you are looking for a table of contents to the Perl library modules documentation, see the perltoc page.

OPTIONS

-h

Prints out a brief help message.

-D

Describes search for the item in detail.

-t

Display docs using plain text converter, instead of nroff. This may be faster, but it probably won't look as nice.

-u

Skip the real Pod formatting, and just show the raw Pod source (Unformatted).

-m module

Display the entire module: both code and unformatted pod documentation. This may be useful if the docs don't explain a function in the detail you need, and you'd like to inspect the code directly; perldoc will find the file for you and simply hand it off for display.

-l

Display only the file name of the module found.

-F

Consider arguments as file names; no search in directories will be performed.

-f perlfunc

The -f option followed by the name of a perl built in function will extract the documentation of this function from perlfunc.

Example:

perldoc -f sprintf

-q perlfaq-search-regexp

The -q option takes a regular expression as an argument. It will search the question headings in perlfaq[1-9] and print the entries matching the regular expression.

Example:

perldoc -q shuffle

-v perlvar

The -v option followed by the name of a Perl predefined variable will extract the documentation of this variable from perlvar.

Examples:

perldoc -v '$"'
perldoc -v @+
perldoc -v DATA

-T

This specifies that the output is not to be sent to a pager, but is to be sent right to STDOUT.

-d destination-filename

This specifies that the output is to be sent neither to a pager nor to STDOUT, but is to be saved to the specified filename. Example: perldoc -oLaTeX -dtextwrapdocs.tex Text::Wrap

-o output-formatname

This specifies that you want Perldoc to try using a Pod-formatting class for the output format that you specify. For example: -oman. This is actually just a wrapper around the -M switch; using -oformatname just looks for a loadable class by adding that format name (with different capitalizations) to the end of different classname prefixes.

For example, -oLaTeX currently tries all of the following classes: Pod::Perldoc::ToLaTeX Pod::Perldoc::Tolatex Pod::Perldoc::ToLatex Pod::Perldoc::ToLATEX Pod::Simple::LaTeX Pod::Simple::latex Pod::Simple::Latex Pod::Simple::LATEX Pod::LaTeX Pod::latex Pod::Latex Pod::LATEX.

-M module-name

This specifies the module that you want to try using for formatting the pod. The class must at least provide a parse_from_file method. For example: perldoc -MPod::Perldoc::ToChecker.

You can specify several classes to try by joining them with commas or semicolons, as in -MTk::SuperPod;Tk::Pod.

-w option:value or -w option

This specifies an option to call the formatter with. For example, -w textsize:15 will call $formatter->textsize(15) on the formatter object before it is used to format the object. For this to be valid, the formatter class must provide such a method, and the value you pass should be valid. (So if textsize expects an integer, and you do -w textsize:big, expect trouble.)

You can use -w optionname (without a value) as shorthand for -w optionname:TRUE. This is presumably useful in cases of on/off features like: -w page_numbering.

You can use a "=" instead of the ":", as in: -w textsize=15. This might be more (or less) convenient, depending on what shell you use.

-X

Use an index if it is present. The -X option looks for an entry whose basename matches the name given on the command line in the file $Config{archlib}/pod.idx. The pod.idx file should contain fully qualified filenames, one per line.

-L language_code

This allows you to specify the language code for the desired language translation. If the POD2::<language_code> package doesn't exist (or isn't installed on your system), the switch will be ignored. All available translation packages should be found under the POD2:: namespace. See POD2::IT (or POD2::FR) to see how to create and integrate new localized POD2::* pod documentation packages in Pod::Perldoc.

PageName|ModuleName|ProgramName

The item you want to look up. Nested modules (such as File::Basename) are specified either as File::Basename or File/Basename. You may also give a descriptive name of a page, such as perlfunc.

For simple names like 'foo', when the normal search fails to find a matching page, a search with the "perl" prefix is tried as well. So "perldoc intro" is enough to find/render "perlintro.pod".

-n some-formatter

Specify replacement for nroff

-r

Recursive search.

-i

Ignore case.

-V

Displays the version of perldoc you're running.

SECURITY

Because perldoc does not run properly tainted, and is known to have security issues, when run as the superuser it will attempt to drop privileges by setting the effective and real IDs to nobody's or nouser's account, or -2 if unavailable. If it cannot relinquish its privileges, it will not run.
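
The privilege drop described above, written out as an added example (this is not Pod::Perldoc's own code, and the helper name drop_privileges_or_die is hypothetical). It assumes a POSIX system, also drops the group IDs, and refuses to continue unless the drop is complete and cannot be undone.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();
use English qw(-no_match_vars);    # $UID, $EUID, $GID, $EGID

# Added example, not Pod::Perldoc's code; the helper name is hypothetical.
sub drop_privileges_or_die {
    # Only act when the real or effective UID is the superuser.
    return 0 unless $UID == 0 || $EUID == 0;

    # nobody first, then nouser, then -2, in the order the page gives.
    my ($uid, $gid);
    for my $account (qw(nobody nouser)) {
        my @pw = getpwnam($account) or next;
        ($uid, $gid) = @pw[2, 3];
        last;
    }
    # Using -2 for the group as well is an assumption of this example.
    ($uid, $gid) = (-2, -2) unless defined $uid;

    # Groups first, while still root. Assigning "GID GID" to $EGID also
    # replaces the supplementary group list.
    $EGID = "$gid $gid";
    POSIX::setgid($gid) or die "setgid($gid) failed: $!\n";

    # setuid(2) as root changes the real, effective and saved UID at once.
    POSIX::setuid($uid) or die "setuid($uid) failed: $!\n";

    # Verify rather than trust: no UID or group may still be 0.
    die "still running with superuser IDs, refusing to run\n"
        if $UID == 0 || $EUID == 0 || grep { $_ == 0 } split ' ', "$GID $EGID";

    # The drop must be irreversible: regaining root has to fail.
    $EUID = 0;
    die "superuser privileges can be regained, refusing to run\n" if $EUID == 0;

    return 1;
}

my $dropped = drop_privileges_or_die();
printf "uid=%d euid=%d: %s\n", $UID, $EUID,
    $dropped ? "privileges dropped" : "was not the superuser";
```

Assigning to $< and $> alone may leave the saved set-user-ID untouched on some platforms, which is why the example calls POSIX::setuid and then tests that root cannot be regained.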

ENVIRONMENT

Any switches in the PERLDOC environment variable will be used before the command line arguments.

Useful values for PERLDOC include -oman, -otext, -otk, -ortf, -oxml, and so on, depending on what modules you have on hand; or exactly specify the formatter class with -MPod::Perldoc::ToMan or the like.

perldoc also searches directories specified by the PERL5LIB (or PERLLIB if PERL5LIB is not defined) and PATH environment variables. (The latter is so that embedded pods for executables, such as perldoc itself, are available.)

perldoc will use, in order of preference, the pager defined in PERLDOC_PAGER, MANPAGER, or PAGER before trying to find a pager on its own. (MANPAGER is not used if perldoc was told to display plain text or unformatted pod.)

One useful value for PERLDOC_PAGER is less -+C -E.

Having PERLDOCDEBUG set to a positive integer will make perldoc emit even more descriptive output than the -v switch does; the higher the number, the more it emits.
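
Since perldoc takes its pager and part of its search path from the environment, the variables above are worth checking before it is run from a privileged or shared account. The following is an added example, not part of perldoc: the function names are hypothetical, the sample environment is constructed, and ':' as the path separator assumes a POSIX system.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Added example; the function names are hypothetical.

# Pager variables in the documented order of preference. MANPAGER is
# skipped when plain text (-t) or raw pod (-u) output was requested.
sub pager_from_env {
    my ($env, $plain_or_raw) = @_;
    my @vars = ('PERLDOC_PAGER', ($plain_or_raw ? () : 'MANPAGER'), 'PAGER');
    for my $var (@vars) {
        my $value = $env->{$var};
        return ($var, $value) if defined $value && length $value;
    }
    return;    # perldoc would go looking for a pager on its own
}

# Search-path entries where another local user could plant a file.
sub risky_search_dirs {
    my ($env) = @_;
    # PERLLIB is only consulted when PERL5LIB is not defined.
    my $lib_var = defined $env->{PERL5LIB} ? 'PERL5LIB' : 'PERLLIB';
    my @findings;
    for my $var ($lib_var, 'PATH') {
        for my $dir (split /:/, $env->{$var} // '', -1) {
            if ($dir !~ m{^/}) {
                push @findings, "$var: entry '$dir' is empty or relative";
                next;
            }
            my @st = stat $dir or next;    # missing directories are skipped
            push @findings, "$var: $dir is world-writable" if $st[2] & 0002;
        }
    }
    return @findings;
}

# Constructed sample environment; pass \%ENV to audit the real one.
my %sample = (
    PERLDOC_PAGER => 'less -+C -E',
    PAGER         => 'more',
    PERL5LIB      => '/usr/local/lib/perl5:.',
    PATH          => '/usr/bin::/bin',
);
my ($var, $pager) = pager_from_env(\%sample, 0);
print "pager: $pager (from $var)\n";
print "warning: $_\n" for risky_search_dirs(\%sample);
```

An empty or relative entry resolves against the current working directory, the same condition CVE-2016-1238 above describes for the includes directory array.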

CHANGES

Up to 3.14_05, the switch -v was used to produce verbose messages of perldoc operation, which is now enabled by -D.

SEE ALSO

perlpod, Pod::Perldoc

AUTHOR

Current maintainer: Adriano R. Ferreira <ferreira@cpan.org>

Past contributors are: Sean M. Burke <sburke@cpan.org>, Kenneth Albanowski <kjahds@kjahds.com>, Andy Dougherty <doughera@lafcol.lafayette.edu>, and many others.