CVE-2026-57074
N/A
N/A
Summary
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.
The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer.
Truncated strings such as "<a/" can trigger an out-of-bounds read.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| CODECHILD | XML::Bare | 0 <= 0.53 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
Workarounds
Apply the patch.
ADP Enrichment
CVE Program Container
Additional References
References
- https://github.com/nanoscopic/perl-XML-Bare/pull/1
- https://security.metacpan.org/patches/X/XML-Bare/0.53/CVE-2026-57074-r1.patch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.