PT-2026-43159 · Perl+2 · Perl+2
Timothy Legge
·
Published
2026-04-24
·
Updated
2026-07-02
·
CVE-2026-8376
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Perl versions prior to 5.43.11
Description
A heap buffer overflow occurs on 32-bit builds when compiling regular expressions containing a repeated fixed string. The issue resides in the
Perl study chunk() function within regcomp study.c, which validates the size of the joined substring buffer using characters instead of bytes. When a quantified fixed substring has a large minimum count, the byte length calculation mincount * l can overflow SSize t, resulting in an undersized SvGROW allocation. This causes subsequent copy operations to write past the end of the buffer. An attacker can trigger this condition by providing a specially crafted regular expression for compilation.Recommendations
Update to version 5.43.11 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Linuxmint
Perl
Ubuntu