Security Advisories (22)

CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2011-0761 (2011-05-13)

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

NAME

dprofpp - display perl profile data

SYNOPSIS

dprofpp [-a|-z|-l|-v|-U] [-d] [-s|-r|-u] [-q] [-F] [-I|-E] [-O cnt] [-A] [-R] [-S] [-g subroutine] [-G <regexp> [-P]] [-f <regexp>] [profile]

dprofpp -T [-F] [-g subroutine] [profile]

dprofpp -t [-F] [-g subroutine] [profile]

dprofpp -G <regexp> [-P] [profile]

dprofpp -p script [-Q] [other opts]

dprofpp -V [profile]

DESCRIPTION

The dprofpp command interprets profile data produced by a profiler, such as the Devel::DProf profiler. Dprofpp will read the file tmon.out and display the 15 subroutines which are using the most time. By default the times for each subroutine are given exclusive of the times of their child subroutines.

To profile a Perl script run the perl interpreter with the -d switch. So to profile script test.pl with Devel::DProf use the following:

$ perl5 -d:DProf test.pl

Then run dprofpp to analyze the profile. The output of dprofpp depends on the flags to the program and the version of Perl you're using.

$ dprofpp -u
Total Elapsed Time =    1.67 Seconds
	 User Time =    0.61 Seconds
Exclusive Times
%Time Seconds     #Calls sec/call Name
 52.4   0.320          2   0.1600 main::foo
 45.9   0.280        200   0.0014 main::bar
 0.00   0.000          1   0.0000 DynaLoader::import
 0.00   0.000          1   0.0000 main::baz

The dprofpp tool can also run the profiler before analyzing the profile data. The above two commands can be executed with one dprofpp command.

$ dprofpp -u -p test.pl

Consult "PROFILE FORMAT" in Devel::DProf for a description of the raw profile.

OUTPUT

Columns are:

%Time: Percentage of time spent in this routine.
#Calls: Number of calls to this routine.
sec/call: Average number of seconds per call to this routine.
Name: Name of routine.
CumulS: Time (in seconds) spent in this routine and routines called from it.
ExclSec: Time (in seconds) spent in this routine (not including those called from it).
Csec/c: Average time (in seconds) spent in each call of this routine (including those called from it).

OPTIONS

-a

Sort alphabetically by subroutine names.

-d

Reverse whatever sort is used

-A

Count timing for autoloaded subroutine as timing for *::AUTOLOAD. Otherwise the time to autoload it is counted as time of the subroutine itself (there is no way to separate autoload time from run time).

This is going to be irrelevant with newer Perls. They will inform Devel::DProf when the AUTOLOAD switches to actual subroutine, so a separate statistics for AUTOLOAD will be collected no matter whether this option is set.

-R

Count anonymous subroutines defined in the same package separately.

-E

(default) Display all subroutine times exclusive of child subroutine times.

-F

Force the generation of fake exit timestamps if dprofpp reports that the profile is garbled. This is only useful if dprofpp determines that the profile is garbled due to missing exit timestamps. You're on your own if you do this. Consult the BUGS section.

-I

Display all subroutine times inclusive of child subroutine times.

-l

Sort by number of calls to the subroutines. This may help identify candidates for inlining.

-O cnt

Show only cnt subroutines. The default is 15.

-p script

Tells dprofpp that it should profile the given script and then interpret its profile data. See -Q.

-Q

Used with -p to tell dprofpp to quit after profiling the script, without interpreting the data.

-q

Do not display column headers.

-r

Display elapsed real times rather than user+system times.

-s

Display system times rather than user+system times.

-T

Display subroutine call tree to stdout. Subroutine statistics are not displayed.

-t

Display subroutine call tree to stdout. Subroutine statistics are not displayed. When a function is called multiple consecutive times at the same calling level then it is displayed once with a repeat count.

-S

Display merged subroutine call tree to stdout. Statistics are displayed for each branch of the tree.

When a function is called multiple (not necessarily consecutive) times in the same branch then all these calls go into one branch of the next level. A repeat count is output together with combined inclusive, exclusive and kids time.

Branches are sorted with regard to inclusive time.

-U

Do not sort. Display in the order found in the raw profile.

-u

Display user times rather than user+system times.

-V

Print dprofpp's version number and exit. If a raw profile is found then its XS_VERSION variable will be displayed, too.

-v

Sort by average time spent in subroutines during each call. This may help identify candidates for inlining.

-z

(default) Sort by amount of user+system time used. The first few lines should show you which subroutines are using the most time.

-g subroutine

Ignore subroutines except subroutine and whatever is called from it.

-G <regexp>

Aggregate "Group" all calls matching the pattern together. For example this can be used to group all calls of a set of packages

-G "(package1::)|(package2::)|(package3::)"

or to group subroutines by name:

-G "getNum"

-P

Used with -G to aggregate "Pull" together all calls that did not match -G.

-f <regexp>

Filter all calls matching the pattern.

-h

Display brief help and exit.

-H

Display long help and exit.

ENVIRONMENT

The environment variable DPROFPP_OPTS can be set to a string containing options for dprofpp. You might use this if you prefer -I over -E or if you want -F on all the time.

This was added fairly lazily, so there are some undesirable side effects. Options on the commandline should override options in DPROFPP_OPTS--but don't count on that in this version.

BUGS

Applications which call _exit() or exec() from within a subroutine will leave an incomplete profile. See the -F option.

Any bugs in Devel::DProf, or any profiler generating the profile data, could be visible here. See "BUGS" in Devel::DProf.

Mail bug reports and feature requests to the perl5-porters mailing list at <perl5-porters@perl.org>. Bug reports should include the output of the -V option.

FILES

dprofpp		- profile processor
tmon.out	- raw profile

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)