PT-2026-57823 · Perl · Perl
Published
2026-07-13
·
Updated
2026-07-13
·
CVE-2026-57432
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
Perl versions prior to 5.43.11
Description
An integer overflow exists in the
S measure struct() function. This occurs because the function calculates the total size by adding each item's size multiplied by its repeat count without performing an overflow check. A large repeat count in a pack or unpack template can cause the signed SSize t total to wrap to a negative value. Consequently, the @, X, and x position codes use a signed length comparison that allows the buffer pointer to advance out of bounds. If a template is derived from untrusted input, this can result in an out-of-bounds heap read, allowing memory to be read past the buffer and returned to the caller.Recommendations
Update Perl to version 5.43.11 or later.
Out of bounds Read
Integer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Perl