PT-2026-60504 · Codechild · Html::Bare
CVE-2026-57073
·
Published
2026-07-16
·
Updated
2026-07-16
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
HTML::Bare versions through 0.04 for Perl have an unbounded character lookahead.
The parserc parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer.
Truncated strings such as "<a/" can trigger an out-of-bounds read.
Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Html::Bare