/ 
perl-5.9.3
/ lib/Locale/Currency.pod
Security Advisories (24)
CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2010-1158 (2010-04-20)

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVE-2009-3626 (2009-10-29)

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVE-2005-3962 (2005-12-01)

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

NAME

Locale::Currency - ISO three letter codes for currency identification (ISO 4217)

SYNOPSIS

use Locale::Currency;

$curr = code2currency('usd');     # $curr gets 'US Dollar'
$code = currency2code('Euro');    # $code gets 'eur'

@codes   = all_currency_codes();
@names   = all_currency_names();

DESCRIPTION

The Locale::Currency module provides access to the ISO three-letter codes for identifying currencies and funds, as defined in ISO 4217. You can either access the codes via the "conversion routines" (described below), or with the two functions which return lists of all currency codes or all currency names.

There are two special codes defined by the standard which aren't understood by this module:

XTS

Specifically reserved for testing purposes.

XXX

For transactions where no currency is involved.

CONVERSION ROUTINES

There are two conversion routines: code2currency() and currency2code().

code2currency()

This function takes a three letter currency code and returns a string which contains the name of the currency identified. If the code is not a valid currency code, as defined by ISO 4217, then undef will be returned.

$curr = code2currency($code);
currency2code()

This function takes a currency name and returns the corresponding three letter currency code, if such exists. If the argument could not be identified as a currency name, then undef will be returned.

$code = currency2code('French Franc');

The case of the currency name is not important. See the section "KNOWN BUGS AND LIMITATIONS" below.

QUERY ROUTINES

There are two function which can be used to obtain a list of all currency codes, or all currency names:

all_currency_codes()

Returns a list of all three-letter currency codes. The codes are guaranteed to be all lower-case, and not in any particular order.

all_currency_names()

Returns a list of all currency names for which there is a corresponding three-letter currency code. The names are capitalised, and not returned in any particular order.

EXAMPLES

The following example illustrates use of the code2currency() function. The user is prompted for a currency code, and then told the corresponding currency name:

$| = 1;    # turn off buffering

print "Enter currency code: ";
chop($code = <STDIN>);
$curr = code2currency($code);
if (defined $curr)
{
    print "$code = $curr\n";
}
else
{
    print "'$code' is not a valid currency code!\n";
}

KNOWN BUGS AND LIMITATIONS

  • In the current implementation, all data is read in when the module is loaded, and then held in memory. A lazy implementation would be more memory friendly.

  • This module also includes the special codes which are not for a currency, such as Gold, Platinum, etc. This might cause a problem if you're using this module to display a list of currencies. Let Neil know if this does cause a problem, and we can do something about it.

  • ISO 4217 also defines a numeric code for each currency. Currency codes are not currently supported by this module, in the same way Locale::Country supports multiple codesets.

  • There are three cases where there is more than one code for the same currency name. Kwacha has two codes: mwk for Malawi, and zmk for Zambia. The Russian Ruble has two codes: rub and rur. The Belarussian Ruble has two codes: byr and byb. The currency2code() function only returns one code, so you might not get back the code you expected.

SEE ALSO

Locale::Country

ISO codes for identification of country (ISO 3166).

Locale::Script

ISO codes for identification of written scripts (ISO 15924).

ISO 4217:1995

Code for the representation of currencies and funds.

http://www.bsi-global.com/iso4217currency

Official web page for the ISO 4217 maintenance agency. This has the latest list of codes, in MS Word format. Boo.

AUTHOR

Michael Hennecke <hennecke@rz.uni-karlsruhe.de> and Neil Bowers <neil@bowers.com>

COPYRIGHT

Copyright (C) 2002-2004, Neil Bowers.

Copyright (c) 2001 Michael Hennecke and Canon Research Centre Europe (CRE).

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself.