PT-2026-57823 · Perl · Perl

Published

2026-07-13

·

Updated

2026-07-13

·

CVE-2026-57432

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions Perl versions prior to 5.43.11
Description An integer overflow exists in the S measure struct() function. This occurs because the function calculates the total size by adding each item's size multiplied by its repeat count without performing an overflow check. A large repeat count in a pack or unpack template can cause the signed SSize t total to wrap to a negative value. Consequently, the @, X, and x position codes use a signed length comparison that allows the buffer pointer to advance out of bounds. If a template is derived from untrusted input, this can result in an out-of-bounds heap read, allowing memory to be read past the buffer and returned to the caller.
Recommendations Update Perl to version 5.43.11 or later.

Out of bounds Read

Integer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57432

Affected Products

Perl