CVE-2024-56406

CVSSv4: NA | CVSSv3: NA | CVSSv2: NA | VMScore: NA | EPSS: 0.00053 | KEV: Not Included
Published: 13/04/2025 Updated: 15/04/2025

Vulnerability Summary

Heap Buffer Overflow in Perl Versions 5.33.1-5.41.10 via the Transliteration Operator (`tr`)

A heap buffer overflow vulnerability exists in Perl versions 5.34, 5.36, 5.38, 5.40, and in development versions from 5.33.1 through 5.41.10. The issue occurs in the `S_do_trans_invmap` function when non-ASCII bytes are present in the left-hand side (the search list) of the `tr` operator: the function writes past the end of the destination buffer referenced by the pointer `d`. A proof-of-concept demonstrates the vulnerability by creating a large string containing a specific byte and applying a `tr` translation to it, which results in a segmentation fault. Researchers assess that the flaw could enable denial of service and possibly code execution on vulnerable systems that lack sufficient mitigations.

Mailing Lists

CVE-2024-56406 (CPAN Security Group). CVE ID: CVE-2024-56406. Distribution: perl. Versions: from 5.40.0 until 5.40.2, from 5.38.0 until ...

On 2025-04-13 16:47, Solar Designer wrote: Hi Alexander, Thank you for the feedback. We only considered release branches for the affected versions. To fix this, the CVE record has been updated to take into account development versions and release candidates: Versions: from 5.41.0 through 5.41.10, from 5.39.0 before ...

Hi Stig, Thank you for handling this disclosure so well! On Sun, Apr 13, 2025 at 03:23:25PM +0200, Stig Palmquist wrote: Running this command on distro packages based on 5.32.1 (like in EL9) does not segfault (produces no output), which is as expected for a version that didn't yet have the bug (and assuming no bug backport). As it was mentio ...

Github Repositories

A compatibility-aware updater for Ubuntu systems. Uses LLMs to evaluate update safety and automate low-risk upgrades.

Wachturm: Wachturm is an intelligent update manager for Ubuntu systems. It uses a Large Language Model (LLM) to evaluate the compatibility risk of applying system package updates, prioritising system stability and operational continuity. 🔍 What It Does: Wachturm determines whether it's safe to apply system updates automatically based on changelog analysis. It focu

Cloud, Automation & Security Assignment: This project implements a complete solution for the technical home assignment, covering AWS/Kubernetes setup, DevOps automation, and security operations. Overview: The solution consists of a Flask web application deployed to Kubernetes (EKS), and an EC2 instance that runs Docker and uses a Python script to scan Docker images with Grype