Product
perl
67 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-4176
>= 5.9.4 and < 5.40.4
Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version
9.8
CRITICAL
CVE-2024-56406
>= 5.33.1 and < 5.38.4
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including
8.4
HIGH
CVE-2023-47039
< 5.32.1
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variabl
7.8
HIGH
CVE-2023-47038
>= 5.30.0 and <= 5.38.0
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl,
7.0
HIGH
CVE-2022-48522
all versions
In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privile
9.8
CRITICAL
CVE-2023-31486
< 5.38.0
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configurati
8.1
HIGH
CVE-2023-31484
< 5.38.0
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
8.1
HIGH
CVE-2020-16156
all versions
CPAN 2.28 allows Signature Verification Bypass.
7.8
HIGH
CVE-2019-20919
< 1.643
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the c
4.7
MEDIUM
CVE-2014-10402
<= 1.643
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those s
6.1
MEDIUM
CVE-2020-14393
< 1.643
A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 charact
7.1
HIGH
CVE-2020-14392
< 1.643
An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_lo
5.5
MEDIUM
CVE-2014-10401
< 1.632
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those sp
6.1
MEDIUM
CVE-2013-7491
< 1.628
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a n
5.3
MEDIUM
CVE-2013-7490
< 1.632
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory
5.3
MEDIUM
CVE-2020-12723
< 5.30.3
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls
7.5
HIGH
CVE-2020-10878
< 5.30.3
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular
8.6
HIGH
CVE-2020-10543
< 5.30.3
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an i
8.2
HIGH
CVE-2018-18314
< 5.26.3
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
9.8
CRITICAL
CVE-2018-18313
< 5.26.3
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from
9.1
CRITICAL
CVE-2018-18311
< 5.26.3
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8
CRITICAL
CVE-2018-18312
< 5.26.3
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write ope
9.8
CRITICAL
CVE-2018-12015
<= 5.26.2
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and
7.5
HIGH
CVE-2018-6913
< 5.26.2
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code
9.8
CRITICAL
CVE-2018-6798
>= 5.22 and <= 5.26
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based b
7.5
HIGH
CVE-2018-6797
>= 5.18 and <= 5.26
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with contr
9.8
CRITICAL
CVE-2017-12814
<= 5.24.2
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC
9.8
CRITICAL
CVE-2017-12883
<= 5.24.2
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remot
9.1
CRITICAL
CVE-2017-12837
<= 5.24.2
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows
7.5
HIGH
CVE-2015-8608
all versions
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds re
9.8
CRITICAL
CVE-2016-6185
>= 5.23.0 and < 5.24.1
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow l
7.8
HIGH
CVE-2016-1238
all versions
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (
7.8
HIGH
CVE-2015-8853
<= 5.23.9
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent atta
7.5
HIGH
CVE-2016-2381
< 5.23.9
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment
7.5
HIGH
CVE-2013-7422
all versions
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-depend
CVE-2013-7329
<= 4.50
The CGI::Application module before 4.50_50 and 4.50_51 for Perl, when run modes are not specified, allows remote attackers to obta
CVE-2014-4330
<= 5.20.1
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a
CVE-2010-4777
all versions
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled,
CVE-2013-1667
all versions
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumpt
CVE-2012-6329
<= 5.16.2
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backsla
CVE-2011-2728
<= 5.14.1
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of serv
CVE-2012-5195
all versions
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x
CVE-2012-1151
<= 2.18.1
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow r
CVE-2011-2939
<= 5.14.2
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6,
CVE-2011-0761
all versions
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by le
CVE-2011-1487
all versions
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5
CVE-2010-1158
all versions
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (s
CVE-2009-3626
all versions
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large
CVE-2008-5303
all versions
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrar
CVE-2008-5302
all versions
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users t
CVE-2008-2827
all versions
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows l
CVE-2008-1927
all versions
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and cra
CVE-2007-5116
all versions
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependen
CVE-2005-4278
<= 5.8.6
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privil
CVE-2005-3962
all versions
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite
CVE-2005-0448
all versions
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries
CVE-2005-0155
all versions
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files
CVE-2004-0976
all versions
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to ove
CVE-2005-0156
all versions
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to exec
CVE-2004-2286
all versions
Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possib
CVE-2004-0452
all versions
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world,
CVE-2004-0377
<= 5.8.3
Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or
CVE-2003-1365
all versions
The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does not correctly remove special characters including (1) "\" (b
CVE-2003-0900
all versions
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attacke
CVE-2000-0703
all versions
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which al
CVE-1999-1386
<= 5.004_04
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary
5.5
MEDIUM
CVE-1999-0034
all versions
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin