Security Advisories (28)

CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2010-1158 (2010-04-20)

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVE-2009-3626 (2009-10-29)

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVE-2008-1927 (2008-04-24)

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

CVE-2005-3962 (2005-12-01)

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE-2007-5116 (2007-11-07)

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-1999-0462 (1999-03-17)

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.

http://www.securityfocus.com/bid/339

CVE-2000-0703 (2000-10-20)

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

NAME

VMS::Stdio - standard I/O functions via VMS extensions

SYNOPSIS

use VMS::Stdio qw( &flush &getname &remove &rewind &setdef &sync &tmpnam &vmsopen &vmssysopen &waitfh &writeof ); setdef("new:[default.dir]"); $uniquename = tmpnam; $fh = vmsopen("my.file","rfm=var","alq=100",...) or die $!; $name = getname($fh); print $fh "Hello, world!\n"; flush($fh); sync($fh); rewind($fh); $line = <$fh>; undef $fh; # closes file $fh = vmssysopen("another.file", O_RDONLY | O_NDELAY, 0, "ctx=bin"); sysread($fh,$data,128); waitfh($fh); close($fh); remove("another.file"); writeof($pipefh); =head1 DESCRIPTION

This package gives Perl scripts access via VMS extensions to several C stdio operations not available through Perl's CORE I/O functions. The specific routines are described below. These functions are prototyped as unary operators, with the exception of vmsopen and vmssysopen, which can take any number of arguments, and tmpnam, which takes none.

All of the routines are available for export, though none are exported by default. All of the constants used by vmssysopen to specify access modes are exported by default. The routines are associated with the Exporter tag FUNCTIONS, and the constants are associated with the Exporter tag CONSTANTS, so you can more easily choose what you'd like to import:

# import constants, but not functions
use VMS::Stdio;  # same as use VMS::Stdio qw( :DEFAULT );
# import functions, but not constants
use VMS::Stdio qw( !:CONSTANTS :FUNCTIONS ); 
# import both
use VMS::Stdio qw( :CONSTANTS :FUNCTIONS ); 
# import neither
use VMS::Stdio ();

Of course, you can also choose to import specific functions by name, as usual.

This package ISA IO::File, so that you can call IO::File methods on the handles returned by vmsopen and vmssysopen. The IO::File package is not initialized, however, until you actually call a method that VMS::Stdio doesn't provide. This is doen to save startup time for users who don't wish to use the IO::File methods.

Note: In order to conform to naming conventions for Perl extensions and functions, the name of this package has been changed to VMS::Stdio as of Perl 5.002, and the names of some routines have been changed. Calls to the old VMS::stdio routines will generate a warning, and will be routed to the equivalent VMS::Stdio function. This compatibility interface will be removed in a future release of this extension, so please update your code to use the new routines.

flush

This function causes the contents of stdio buffers for the specified file handle to be flushed. If undef is used as the argument to flush, all currently open file handles are flushed. Like the CRTL fflush() routine, it does not flush any underlying RMS buffers for the file, so the data may not be flushed all the way to the disk. flush returns a true value if successful, and undef if not.

getname

The getname function returns the file specification associated with a Perl I/O handle. If an error occurs, it returns undef.

remove

This function deletes the file named in its argument, returning a true value if successful and undef if not. It differs from the CORE Perl function unlink in that it does not try to reset file protection if the original protection does not give you delete access to the file (cf. perlvms). In other words, remove is equivalent to

unlink($file) if VMS::Filespec::candelete($file);

rewind

rewind resets the current position of the specified file handle to the beginning of the file. It's really just a convenience method equivalent in effect to seek($fh,0,0). It returns a true value if successful, and undef if it fails.

setdef

This function sets the default device and directory for the process. It is identical to the built-in chdir() operator, except that the change persists after Perl exits. It returns a true value on success, and undef if it encounters and error.

sync

This function flushes buffered data for the specified file handle from stdio and RMS buffers all the way to disk. If successful, it returns a true value; otherwise, it returns undef.

tmpnam

The tmpnam function returns a unique string which can be used as a filename when creating temporary files. If, for some reason, it is unable to generate a name, it returns undef.

vmsopen

The vmsopen function enables you to specify optional RMS arguments to the VMS CRTL when opening a file. Its operation is similar to the built-in Perl open function (see perlfunc for a complete description), but it will only open normal files; it cannot open pipes or duplicate existing I/O handles. Up to 8 optional arguments may follow the file name. These arguments should be strings which specify optional file characteristics as allowed by the CRTL. (See the CRTL reference manual description of creat() and fopen() for details.) If successful, vmsopen returns a VMS::Stdio file handle; if an error occurs, it returns undef.

You can use the file handle returned by vmsopen just as you would any other Perl file handle. The class VMS::Stdio ISA IO::File, so you can call IO::File methods using the handle returned by vmsopen. However, useing VMS::Stdio does not automatically use IO::File; you must do so explicitly in your program if you want to call IO::File methods. This is done to avoid the overhead of initializing the IO::File package in programs which intend to use the handle returned by vmsopen as a normal Perl file handle only. When the scalar containing a VMS::Stdio file handle is overwritten, undefd, or goes out of scope, the associated file is closed automatically.

vmssysopen

This function bears the same relationship to the CORE function sysopen as vmsopen does to open. Its first three arguments are the name, access flags, and permissions for the file. Like vmsopen, it takes up to 8 additional string arguments which specify file characteristics. Its return value is identical to that of vmsopen.

The symbolic constants for the mode argument are exported by VMS::Stdio by default, and are also exported by the Fcntl package.

waitfh

This function causes Perl to wait for the completion of an I/O operation on the file handle specified as its argument. It is used with handles opened for asynchronous I/O, and performs its task by calling the CRTL routine fwait().

writeof

This function writes an EOF to a file handle, if the device driver supports this operation. Its primary use is to send an EOF to a subprocess through a pipe opened for writing without closing the pipe. It returns a true value if successful, and undef if it encounters an error.

REVISION

This document was last revised on 10-Dec-1996, for Perl 5.004.

1 POD Error

The following errors were encountered while parsing the POD:

Around line 251:: You forgot a '=back' before '=head1'

To install lib, copy and paste the appropriate command in to your terminal.

cpanm

cpanm lib

CPAN shell

perl -MCPAN -e shell
install lib

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

SYNOPSIS

REVISION

Module Install Instructions

Keyboard Shortcuts