CVE-2026-57432
N/A
N/A
Summary
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack.
S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds.
A template derived from untrusted input can read heap memory past the buffer and return it to the caller.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SHAY | perl | 0 <= 5.43.10 | affected |
Weaknesses
- CWE-190: CWE-190 Integer Overflow or Wraparound
- CWE-125: CWE-125 Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
References
- https://github.com/Perl/perl5/commit/5f7eb6bbbe0510964e3fb1d6bb691e5445913e55.patch
- https://github.com/Perl/perl5/commit/40754edc72dd3e513d758153c0e2f0215897740e.patch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.