Security Advisories (19)

CVE-2018-6797 (2018-04-17)

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2025-40909 (2025-05-30)

Perl threads have a working directory race condition where file operations may target unintended paths. If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread, which is visible from any third (or more) thread already running. This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit. The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2016-6185 (2016-08-02)

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6798 (2018-04-17)

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2017-12883 (2017-09-19)

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\\N{U+...}' escape.

CVE-2017-12837 (2017-09-19)

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\\N{}' escape and the case-insensitive modifier.

NAME

Scalar::Util - A selection of general-utility scalar subroutines

SYNOPSIS

use Scalar::Util qw(blessed dualvar isdual readonly refaddr reftype
                    tainted weaken isweak isvstring looks_like_number
                    set_prototype);
                    # and other useful utils appearing below

DESCRIPTION

Scalar::Util contains a selection of subroutines that people have expressed would be nice to have in the perl core, but the usage would not really be high enough to warrant the use of a keyword, and the size so small such that being individual extensions would be wasteful.

By default Scalar::Util does not export any subroutines.

FUNCTIONS FOR REFERENCES

The following functions all perform some useful activity on reference values.

blessed

my $pkg = blessed( $ref );

If $ref is a blessed reference the name of the package that it is blessed into is returned. Otherwise undef is returned.

$scalar = "foo";
$class  = blessed $scalar;           # undef

$ref    = [];
$class  = blessed $ref;              # undef

$obj    = bless [], "Foo";
$class  = blessed $obj;              # "Foo"

Take care when using this function simply as a truth test (such as in if(blessed $ref)...) because the package name "0" is defined yet false.

refaddr

my $addr = refaddr( $ref );

If $ref is reference the internal memory address of the referenced value is returned as a plain integer. Otherwise undef is returned.

$addr = refaddr "string";           # undef
$addr = refaddr \$var;              # eg 12345678
$addr = refaddr [];                 # eg 23456784

$obj  = bless {}, "Foo";
$addr = refaddr $obj;               # eg 88123488

reftype

my $type = reftype( $ref );

If $ref is a reference the basic Perl type of the variable referenced is returned as a plain string (such as ARRAY or HASH). Otherwise undef is returned.

$type = reftype "string";           # undef
$type = reftype \$var;              # SCALAR
$type = reftype [];                 # ARRAY

$obj  = bless {}, "Foo";
$type = reftype $obj;               # HASH

weaken

weaken( $ref );

The lvalue $ref will be turned into a weak reference. This means that it will not hold a reference count on the object it references. Also when the reference count on that object reaches zero, the reference will be set to undef. This function mutates the lvalue passed as its argument and returns no value.

This is useful for keeping copies of references, but you don't want to prevent the object being DESTROY-ed at its usual time.

{
  my $var;
  $ref = \$var;
  weaken($ref);                     # Make $ref a weak reference
}
# $ref is now undef

Note that if you take a copy of a scalar with a weakened reference, the copy will be a strong reference.

my $var;
my $foo = \$var;
weaken($foo);                       # Make $foo a weak reference
my $bar = $foo;                     # $bar is now a strong reference

This may be less obvious in other situations, such as grep(), for instance when grepping through a list of weakened references to objects that may have been destroyed already:

@object = grep { defined } @object;

This will indeed remove all references to destroyed objects, but the remaining references to objects will be strong, causing the remaining objects to never be destroyed because there is now always a strong reference to them in the @object array.

unweaken

unweaken( $ref );

Since version 1.36.

The lvalue REF will be turned from a weak reference back into a normal (strong) reference again. This function mutates the lvalue passed as its argument and returns no value. This undoes the action performed by "weaken".

This function is slightly neater and more convenient than the otherwise-equivalent code

my $tmp = $REF;
undef $REF;
$REF = $tmp;

(because in particular, simply assigning a weak reference back to itself does not work to unweaken it; $REF = $REF does not work).

isweak

my $weak = isweak( $ref );

Returns true if $ref is a weak reference.

$ref  = \$foo;
$weak = isweak($ref);               # false
weaken($ref);
$weak = isweak($ref);               # true

NOTE: Copying a weak reference creates a normal, strong, reference.

$copy = $ref;
$weak = isweak($copy);              # false

OTHER FUNCTIONS

dualvar

my $var = dualvar( $num, $string );

Returns a scalar that has the value $num in a numeric context and the value $string in a string context.

$foo = dualvar 10, "Hello";
$num = $foo + 2;                    # 12
$str = $foo . " world";             # Hello world

isdual

my $dual = isdual( $var );

Since version 1.26.

If $var is a scalar that has both numeric and string values, the result is true.

$foo = dualvar 86, "Nix";
$dual = isdual($foo);               # true

Note that a scalar can be made to have both string and numeric content through numeric operations:

$foo = "10";
$dual = isdual($foo);               # false
$bar = $foo + 0;
$dual = isdual($foo);               # true

Note that although $! appears to be dual-valued variable, it is actually implemented using a tied scalar:

$! = 1;
print("$!\n");                      # "Operation not permitted"
$dual = isdual($!);                 # false

You can capture its numeric and string content using:

$err = dualvar $!, $!;
$dual = isdual($err);               # true

isvstring

my $vstring = isvstring( $var );

If $var is a scalar which was coded as a vstring the result is true.

$vs   = v49.46.48;
$fmt  = isvstring($vs) ? "%vd" : "%s"; #true
printf($fmt,$vs);

looks_like_number

my $isnum = looks_like_number( $var );

Returns true if perl thinks $var is a number. See "looks_like_number" in perlapi.

openhandle

my $fh = openhandle( $fh );

Returns $fh itself if $fh may be used as a filehandle and is open, or is is a tied handle. Otherwise undef is returned.

$fh = openhandle(*STDIN);           # \*STDIN
$fh = openhandle(\*STDIN);          # \*STDIN
$fh = openhandle(*NOTOPEN);         # undef
$fh = openhandle("scalar");         # undef

readonly

my $ro = readonly( $var );

Returns true if $var is readonly.

sub foo { readonly($_[0]) }

$readonly = foo($bar);              # false
$readonly = foo(0);                 # true

set_prototype

my $code = set_prototype( $code, $prototype );

Sets the prototype of the function given by the $code reference, or deletes it if $prototype is undef. Returns the $code reference itself.

set_prototype \&foo, '$$';

tainted

my $t = tainted( $var );

Return true if $var is tainted.

$taint = tainted("constant");       # false
$taint = tainted($ENV{PWD});        # true if running under -T

DIAGNOSTICS

Module use may give one of the following errors during import.

Weak references are not implemented in the version of perl

The version of perl that you are using does not implement weak references, to use "isweak" or "weaken" you will need to use a newer release of perl.

Vstrings are not implemented in the version of perl

The version of perl that you are using does not implement Vstrings, to use "isvstring" you will need to use a newer release of perl.

NAME is only available with the XS version of Scalar::Util

Scalar::Util contains both perl and C implementations of many of its functions so that those without access to a C compiler may still use it. However some of the functions are only available when a C compiler was available to compile the XS version of the extension.

At present that list is: weaken, isweak, dualvar, isvstring, set_prototype

KNOWN BUGS

There is a bug in perl5.6.0 with UV's that are >= 1<<31. This will show up as tests 8 and 9 of dualvar.t failing

COPYRIGHT

Additionally "weaken" and "isweak" which are

Copyright (C) 2004, 2008 Matthijs van Duin. All rights reserved. Copyright (C) 2014 cPanel Inc. All rights reserved. This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)