PT-2026-57822 · Perl · Perl
Published
2026-07-13
·
Updated
2026-07-14
·
CVE-2026-13221
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Perl versions prior to 5.44
Description
Incorrect regular expression matches occur when an alternation of more than 65535 fixed string branches is compiled into a trie in
Perl study chunk. A trie is a specialized tree-like data structure used for efficient retrieval of keys. In this case, the delta between the first branch and the shared tail is stored in a 16-bit field; when the branch count exceeds 65535, this field overflows, causing the match decision table to be truncated without warning. This leads to false positive matches and false negative matches, which can result in incorrect access or filtering decisions.Recommendations
Update to a version later than 5.43.9.
Fix
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Perl