/ 
perl5.005_04
River stage five • 12010 direct dependents • 33600 total dependents
Security Advisories (28)
CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2010-1158 (2010-04-20)

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVE-2009-3626 (2009-10-29)

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVE-2008-1927 (2008-04-24)

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

CVE-2005-3962 (2005-12-01)

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE-2007-5116 (2007-11-07)

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-1999-0462 (1999-03-17)

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.

CVE-2000-0703 (2000-10-20)

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

Changes for version 5.005_04

  • This section describes the differences between the 5.005_03 and

Changes for version 5.005_04

  • compatibility release.
  • Perl now compiles and runs under modern Unix systems, including those with recent Berkeley DB libraries or GCC 3. Additionally, it now runs under Mac OS X (10.3).
  • This also contains a security fix for a suidperl vulnerability. See http://www.cpan.org/src/5.0/sperl-2000-08-05/sperl-2000-08-05.txt for more information.
  • =head1 About the new versioning system
  • Perl is now developed on two tracks: a maintenance track that makes small, safe updates to released production versions with emphasis on compatibility; and a development track that pursues more aggressive evolution. Maintenance releases (which should be considered production quality) have subversion numbers that run from C<1> to C<49>, and development releases (which should be considered "alpha" quality) run from C<50> to C<99>.
  • Perl 5.005 is the combined product of the new dual-track development scheme.
  • =head1 Incompatible Changes
  • =head2 WARNING: This version is not binary compatible with Perl 5.004.
  • Starting with Perl 5.004_50 there were many deep and far-reaching changes to the language internals. If you have dynamically loaded extensions that you built under perl 5.003 or 5.004, you can continue to use them with 5.004, but you will need to rebuild and reinstall those extensions to use them 5.005. See L<INSTALL> for detailed instructions on how to upgrade.
  • =head2 Default installation structure has changed
  • The new Configure defaults are designed to allow a smooth upgrade from

Documentation

Porting/patching.pod
Appropriate format for patches to the perl source tree
Porting/pumpkin.pod
Notes on handling the Perl Patch Pumpkin
plan9/perlplan9.pod
Plan 9-specific documentation for Perl
pod/Win32.pod
Interfaces to some Win32 API Functions
pod/perl.pod
Practical Extraction and Report Language
pod/perl5004delta.pod
what's new for perl5.004
pod/perlapio.pod
perl's IO abstraction interface.
pod/perlbook.pod
Perl book information
pod/perlbot.pod
Bag'o Object Tricks (the BOT)
pod/perlcall.pod
Perl calling conventions from C
pod/perldata.pod
Perl data types
pod/perldebug.pod
Perl debugging
pod/perldelta.pod
what's new for perl5.005
pod/perldiag.pod
various Perl diagnostics
pod/perldsc.pod
Perl Data Structures Cookbook
pod/perlembed.pod
how to embed perl in your C program
pod/perlfaq.pod
frequently asked questions about Perl ($Date: 1999/01/08 05:54:52 $)
pod/perlfaq1.pod
General Questions About Perl ($Revision: 1.20 $, $Date: 1999/01/08 04:22:09 $)
pod/perlfaq2.pod
Obtaining and Learning about Perl ($Revision: 1.30 $, $Date: 1998/12/29 19:43:32 $)
pod/perlfaq3.pod
Programming Tools ($Revision: 1.33 $, $Date: 1998/12/29 20:12:12 $)
pod/perlfaq4.pod
Data Manipulation ($Revision: 1.40 $, $Date: 1999/01/08 04:26:39 $)
pod/perlfaq5.pod
Files and Formats ($Revision: 1.34 $, $Date: 1999/01/08 05:46:13 $)
pod/perlfaq6.pod
Regexps ($Revision: 1.25 $, $Date: 1999/01/08 04:50:47 $)
pod/perlfaq7.pod
Perl Language Issues ($Revision: 1.24 $, $Date: 1999/01/08 05:32:11 $)
pod/perlfaq8.pod
System Interaction ($Revision: 1.36 $, $Date: 1999/01/08 05:36:34 $)
pod/perlfaq9.pod
Networking ($Revision: 1.24 $, $Date: 1999/01/08 05:39:48 $)
pod/perlform.pod
Perl formats
pod/perlfunc.pod
Perl builtin functions
pod/perlguts.pod
Perl's Internal Functions
pod/perlhist.pod
the Perl history records
pod/perlipc.pod
Perl interprocess communication (signals, fifos, pipes, safe subprocesses, sockets, and semaphores)
pod/perllocale.pod
Perl locale handling (internationalization and localization)
pod/perllol.pod
Manipulating Lists of Lists in Perl
pod/perlmod.pod
Perl modules (packages and symbol tables)
pod/perlmodinstall.pod
Installing CPAN Modules
pod/perlmodlib.pod
constructing new Perl modules and finding existing ones
pod/perlobj.pod
Perl objects
pod/perlop.pod
Perl operators and precedence
pod/perlopentut.pod
tutorial on opening things in Perl
pod/perlpod.pod
plain old documentation
pod/perlport.pod
Writing portable Perl
pod/perlre.pod
Perl regular expressions
pod/perlref.pod
Perl references and nested data structures
pod/perlreftut.pod
Mark's very short tutorial about references
pod/perlrun.pod
how to execute the Perl interpreter
pod/perlsec.pod
Perl security
pod/perlstyle.pod
Perl style guide
pod/perlsub.pod
Perl subroutines
pod/perlsyn.pod
Perl syntax
pod/perlthrtut.pod
tutorial on threads in Perl
pod/perltie.pod
how to hide an object class in a simple variable
pod/perltoc.pod
perl documentation table of contents
pod/perltoot.pod
Tom's object-oriented tutorial for perl
pod/perltrap.pod
Perl traps for the unwary
pod/perlvar.pod
Perl predefined variables
pod/perlxs.pod
XS language reference manual
pod/perlxstut.pod
Tutorial for XSUBs
vms/perlvms.pod
VMS-specific documentation for Perl
x2p/a2p.pod
Awk to Perl translator

Modules

lib/CGI.pm
Simple Common Gateway Interface Class
lib/CPAN.pm
query, download and build perl modules from CPAN sites
lib/Cwd.pm
get pathname of current working directory
lib/ExtUtils/Command.pm
utilities to replace common UNIX commands in Makefiles etc.
lib/ExtUtils/Install.pm
install files from here to there
lib/ExtUtils/Installed.pm
Inventory management of installed modules
lib/ExtUtils/Liblist.pm
determine libraries to use and how to use them
lib/ExtUtils/MM_OS2.pm
methods to override UN*X behaviour in ExtUtils::MakeMaker
lib/ExtUtils/MM_Unix.pm
methods used by ExtUtils::MakeMaker
lib/ExtUtils/MM_VMS.pm
methods to override UN*X behaviour in ExtUtils::MakeMaker
lib/ExtUtils/MM_Win32.pm
methods to override UN*X behaviour in ExtUtils::MakeMaker
lib/ExtUtils/MakeMaker.pm
create an extension Makefile
lib/ExtUtils/Manifest.pm
utilities to write and check a MANIFEST file
lib/ExtUtils/Mkbootstrap.pm
make a bootstrap file for use by DynaLoader
lib/ExtUtils/Mksymlists.pm
write linker options files for dynamic extension
lib/ExtUtils/Packlist.pm
manage .packlist files
lib/ExtUtils/testlib.pm
add blib/* directories to @INC
lib/File/Spec.pm
portably perform operations on file names
lib/Getopt/Long.pm
extended processing of command line options
lib/Math/BigFloat.pm
Arbitrary length float math package
lib/Math/BigInt.pm
Arbitrary size integer math package
lib/Net/Ping.pm
check a remote host for reachability
lib/Pod/Html.pm
module to convert pod files to HTML
lib/Pod/Text.pm
convert POD data to formatted ASCII text
lib/Term/Cap.pm
Perl termcap interface
lib/Test.pm
provides a simple framework for writing test scripts
lib/Test/Harness.pm
run perl standard test scripts with statistics
lib/Text/Tabs.pm
expand and unexpand tabs per the unix expand(1) and unexpand(1)
lib/Text/Wrap.pm
line wrapping to form simple paragraphs
lib/Time/Local.pm
efficiently compute time from local and GMT time

Provides

AnyDBM_File
in lib/AnyDBM_File.pm
AutoLoader
in lib/AutoLoader.pm
AutoSplit
in lib/AutoSplit.pm
B
in ext/B/B.pm
B::Asmdata
in ext/B/B/Asmdata.pm
B::Assembler
in ext/B/B/Assembler.pm
B::Bblock
in ext/B/B/Bblock.pm
B::Bytecode
in ext/B/B/Bytecode.pm
B::C
in ext/B/B/C.pm
B::CC
in ext/B/B/CC.pm
B::Debug
in ext/B/B/Debug.pm
B::Deparse
in ext/B/B/Deparse.pm
B::Disassembler
in ext/B/B/Disassembler.pm
B::Disassembler::BytecodeStream
in ext/B/B/Disassembler.pm
B::Lint
in ext/B/B/Lint.pm
B::OBJECT
in ext/B/B.pm
B::Pseudoreg
in ext/B/B/CC.pm
B::Section
in ext/B/B.pm
B::Shadow
in ext/B/B/CC.pm
B::Showlex
in ext/B/B/Showlex.pm
B::Stackobj
in ext/B/B/Stackobj.pm
B::Terse
in ext/B/B/Terse.pm
B::Xref
in ext/B/B/Xref.pm
Benchmark
in lib/Benchmark.pm
Carp
in lib/Carp.pm
Class::Struct
in lib/Class/Struct.pm
Class::Struct::Tie_ISA
in lib/Class/Struct.pm
Devel::SelfStubber
in lib/Devel/SelfStubber.pm
DirHandle
in lib/DirHandle.pm
Dumpvalue
in lib/Dumpvalue.pm
English
in lib/English.pm
Env
in lib/Env.pm
Exporter
in lib/Exporter.pm
ExtUtils::Embed
in lib/ExtUtils/Embed.pm
ExtUtils::XSSymSet
in vms/ext/XSSymSet.pm
Fatal
in lib/Fatal.pm
Fcntl
in ext/Fcntl/Fcntl.pm
File::Basename
in lib/File/Basename.pm
File::CheckTree
in lib/File/CheckTree.pm
File::Compare
in lib/File/Compare.pm
File::Copy
in lib/File/Copy.pm
File::DosGlob
in lib/File/DosGlob.pm
File::Find
in lib/File/Find.pm
File::Path
in lib/File/Path.pm
File::stat
in lib/File/stat.pm
FileCache
in lib/FileCache.pm
FileHandle
in lib/FileHandle.pm
FindBin
in lib/FindBin.pm
GDBM_File
in ext/GDBM_File/GDBM_File.pm
Getopt::Std
in lib/Getopt/Std.pm
I18N::Collate
in lib/I18N/Collate.pm
IO
in ext/IO/IO.pm
IO::File
in ext/IO/lib/IO/File.pm
IO::Handle
in ext/IO/lib/IO/Handle.pm
IO::Pipe
in ext/IO/lib/IO/Pipe.pm
IO::Pipe::End
in ext/IO/lib/IO/Pipe.pm
IO::Seekable
in ext/IO/lib/IO/Seekable.pm
IO::Select
in ext/IO/lib/IO/Select.pm
IO::Socket
in ext/IO/lib/IO/Socket.pm
IO::Socket::INET
in ext/IO/lib/IO/Socket.pm
IO::Socket::UNIX
in ext/IO/lib/IO/Socket.pm
IPC::Msg
in ext/IPC/SysV/Msg.pm
IPC::Msg::stat
in ext/IPC/SysV/Msg.pm
IPC::Open2
in lib/IPC/Open2.pm
IPC::Open3
in lib/IPC/Open3.pm
IPC::Semaphore
in ext/IPC/SysV/Semaphore.pm
IPC::Semaphore::stat
in ext/IPC/SysV/Semaphore.pm
IPC::SysV
in ext/IPC/SysV/SysV.pm
Math::Complex
in lib/Math/Complex.pm
Math::Trig
in lib/Math/Trig.pm
NDBM_File
in ext/NDBM_File/NDBM_File.pm
Net::hostent
in lib/Net/hostent.pm
Net::netent
in lib/Net/netent.pm
Net::protoent
in lib/Net/protoent.pm
Net::servent
in lib/Net/servent.pm
O
in ext/B/O.pm
ODBM_File
in ext/ODBM_File/ODBM_File.pm
OS2::ExtAttr
in os2/OS2/ExtAttr/ExtAttr.pm
OS2::PrfDB
in os2/OS2/PrfDB/PrfDB.pm
OS2::PrfDB::Hini
in os2/OS2/PrfDB/PrfDB.pm
OS2::PrfDB::Sub
in os2/OS2/PrfDB/PrfDB.pm
OS2::Process
in os2/OS2/Process/Process.pm
OS2::REXX
in os2/OS2/REXX/REXX.pm
OS2::REXX::_ARRAY
in os2/OS2/REXX/REXX.pm
OS2::REXX::_HASH
in os2/OS2/REXX/REXX.pm
OS2::REXX::_SCALAR
in os2/OS2/REXX/REXX.pm
Opcode
in ext/Opcode/Opcode.pm
POSIX
in ext/POSIX/POSIX.pm
POSIX::SigAction
in ext/POSIX/POSIX.pm
Pod::Functions
in lib/Pod/Functions.pm
SDBM_File
in ext/SDBM_File/SDBM_File.pm
Safe
in ext/Opcode/Safe.pm
Search::Dict
in lib/Search/Dict.pm
SelectSaver
in lib/SelectSaver.pm
SelfLoader
in lib/SelfLoader.pm
Shell
in lib/Shell.pm
Socket
in ext/Socket/Socket.pm
Symbol
in lib/Symbol.pm
Sys::Hostname
in lib/Sys/Hostname.pm
Sys::Syslog
in lib/Sys/Syslog.pm
Term::Complete
in lib/Term/Complete.pm
Term::ReadLine
in lib/Term/ReadLine.pm
Term::ReadLine::Stub
in lib/Term/ReadLine.pm
Term::ReadLine::TermCap
in lib/Term/ReadLine.pm
Term::ReadLine::Tk
in lib/Term/ReadLine.pm
Text::Abbrev
in lib/Text/Abbrev.pm
Text::ParseWords
in lib/Text/ParseWords.pm
Text::Soundex
in lib/Text/Soundex.pm
Thread
in ext/Thread/Thread.pm
Thread::Queue
in ext/Thread/Thread/Queue.pm
Thread::Semaphore
in ext/Thread/Thread/Semaphore.pm
Thread::Signal
in ext/Thread/Thread/Signal.pm
Thread::Specific
in ext/Thread/Thread/Specific.pm
Tie::Array
in lib/Tie/Array.pm
Tie::Handle
in lib/Tie/Handle.pm
Tie::Hash
in lib/Tie/Hash.pm
Tie::RefHash
in lib/Tie/RefHash.pm
Tie::Scalar
in lib/Tie/Scalar.pm
Tie::StdArray
in lib/Tie/Array.pm
Tie::StdHash
in lib/Tie/Hash.pm
Tie::StdScalar
in lib/Tie/Scalar.pm
Tie::SubstrHash
in lib/Tie/SubstrHash.pm
Time::gmtime
in lib/Time/gmtime.pm
Time::localtime
in lib/Time/localtime.pm
Time::tm
in lib/Time/tm.pm
UNIVERSAL
in lib/UNIVERSAL.pm
User::grent
in lib/User/grent.pm
User::pwent
in lib/User/pwent.pm
VMS::DCLsym
in vms/ext/DCLsym/DCLsym.pm
VMS::Filespec
in vms/ext/Filespec.pm
VMS::Stdio
in vms/ext/Stdio/Stdio.pm
VMS::stdio
in vms/ext/Stdio/Stdio.pm
attrs
in ext/attrs/attrs.pm
autouse
in lib/autouse.pm
base
in lib/base.pm
blib
in lib/blib.pm
constant
in lib/constant.pm
diagnostics
in lib/diagnostics.pm
fields
in lib/fields.pm
integer
in lib/integer.pm
less
in lib/less.pm
lib
in lib/lib.pm
locale
in lib/locale.pm
ops
in ext/Opcode/ops.pm
overload
in lib/overload.pm
re
in ext/re/re.pm
sigtrap
in lib/sigtrap.pm
strict
in lib/strict.pm
subs
in lib/subs.pm
vars
in lib/vars.pm
vmsish
in vms/ext/vmsish.pm

Examples

Other files