PT-2026-60504 · Codechild · Html::Bare

CVE-2026-57073

·

Published

2026-07-16

·

Updated

2026-07-16

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead.
The parserc parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer.
Truncated strings such as "<a/" can trigger an out-of-bounds read.
Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-57073

Affected Products

Html::Bare