PT-2026-56275 · Cpan · String::Util

Scott Baker

·

Published

2026-07-07

·

Updated

2026-07-08

·

CVE-2026-14895

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions String::Util versions prior to 1.36
Description String::Util for Perl is susceptible to a regular expression denial of service. The trim() and rtrim() functions use a regular expression to strip trailing whitespace. Because the s* pattern matches greedily and the $ anchor fails when a non-whitespace character follows the whitespace, the regex engine performs quadratic backtracking on long whitespace runs. An attacker providing untrusted input containing a long sequence of whitespace to these functions can cause CPU exhaustion.
Recommendations Update String::Util to version 1.36 or later. As a temporary workaround, restrict the use of the trim() and rtrim() functions when processing untrusted input.

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14895

Affected Products

String::Util