Nathan Mills

**Name of the Vulnerable Software and Affected Versions** Vim versions 9.1.0011 through 9.2.0136 **Description** Vim, a command line text editor, has an issue where its NFA regex compiler can experience a segmentation fault. This occurs when the compiler encounters a character range containing a combining character as the endpoint (for example, [0-0u05bb]). The compiler incorrectly processes the composing bytes of the character, corrupting the NFA postfix stack and leading to a NULL pointer dereference in the `nfa max width()` function when estimating match width for look-behind assertions. This dereference happens without a NULL check, causing the segmentation fault. **Recommendations** Update Vim to version 9.2.0137 or later.

**Name of the Vulnerable Software and Affected Versions** Perl versions 5.33.1 through 5.41.10 Perl versions 5.34, 5.36, 5.38, and 5.40 **Description** A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S do trans invmap` can overflow the destination pointer `d`. This vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. It is estimated that over 1.4 million services may be affected. **Recommendations** For Perl versions 5.33.1 through 5.41.10, update to a version that includes the fix, such as 5.40.2 or 5.38.4. For Perl versions 5.34, 5.36, 5.38, and 5.40, update to a version that includes the fix, such as 5.40.2 or 5.38.4. As a temporary workaround, consider disabling the `tr` operator or restricting its use until a patch is available. Restrict access to the `S do trans invmap` function to minimize the risk of exploitation. Avoid using non-ASCII bytes in the left-hand-side of the `tr` operator until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** perl versions 5.30.0 through 5.38.0 **Description** The issue is related to a buffer overflow in dynamic memory due to improper handling of crafted regular expressions. This can allow a remote attacker to control the buffer overflow, potentially leading to a denial of service or execution of arbitrary code. The vulnerability occurs when perl compiles a manipulated regular expression, enabling an attacker to control the byte buffer overflow in a heap-allocated buffer. **Recommendations** For perl versions 5.30.0 through 5.38.0, update to a version that contains a fix for this issue. As a temporary workaround, consider restricting the use of crafted regular expressions until a patch is available. Avoid using specially crafted regular expression inputs that could exploit this vulnerability to write to unallocated space. At the moment, there is no information about a newer version that contains a fix for this vulnerability.