exploitDog

RLSA-2025:7500

Published: 03 Oct 2025
Source: rocky
Rating: Important

Description

Important: perl security update

Perl is a high-level programming language that is commonly used for system administration utilities and web programming.

Security Fix(es):

  • perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes (CVE-2024-56406)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

  • Rocky Linux 10

| Name | Architecture | Release | RPM |
|---|---|---|---|
| perl | x86_64 | 512.1.el10_0 | perl-5.40.2-512.1.el10_0.x86_64.rpm |
| perl-Attribute-Handlers | noarch | 512.1.el10_0 | perl-Attribute-Handlers-1.03-512.1.el10_0.noarch.rpm |
| perl-AutoLoader | noarch | 512.1.el10_0 | perl-AutoLoader-5.74-512.1.el10_0.noarch.rpm |
| perl-AutoSplit | noarch | 512.1.el10_0 | perl-AutoSplit-5.74-512.1.el10_0.noarch.rpm |
| perl-autouse | noarch | 512.1.el10_0 | perl-autouse-1.11-512.1.el10_0.noarch.rpm |
| perl-B | x86_64 | 512.1.el10_0 | perl-B-1.89-512.1.el10_0.x86_64.rpm |
| perl-base | noarch | 512.1.el10_0 | perl-base-2.27-512.1.el10_0.noarch.rpm |
| perl-Benchmark | noarch | 512.1.el10_0 | perl-Benchmark-1.25-512.1.el10_0.noarch.rpm |
| perl-blib | noarch | 512.1.el10_0 | perl-blib-1.07-512.1.el10_0.noarch.rpm |
| perl-Class-Struct | noarch | 512.1.el10_0 | perl-Class-Struct-0.68-512.1.el10_0.noarch.rpm |

Related CVEs

Fixes

Related vulnerabilities

CVSS3: 8.4
ubuntu
7 months ago

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVSS3: 7.3
redhat
7 months ago

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVSS3: 8.4
nvd
7 months ago

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVSS3: 8.6
msrc
7 months ago

Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

CVSS3: 8.4
debian
7 months ago

A heap buffer overflow vulnerability was discovered in Perl. Release ...