pkg:Debian/perl
104 total CVEs: CRITICAL 17, HIGH 30, MEDIUM 5, LOW 1
All known vulnerabilities
- from 0, < 5.28.0-3
- CRITICAL 9.8 CVE-2026-8376: Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. (from 0)
- CRITICAL 9.8 CVE-2026-4176: Perl versions from 5.9.4 before 5.40.4-RC1, from 5.41.0 before 5.42.2-RC1, from 5.43.0 before 5.43.9 contain a vulnerable version of Compre… (from 0, < 5.10.0-21)
- CRITICAL 9.8 CVE-2022-48522: In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escala… (from 0, < 5.36.0-4)
- CRITICAL 9.8 CVE-2013-1437: Eval injection vulnerability in the Module-Metadata module before 1.000015 for Perl allows remote attackers to execute arbitrary Perl code… (from 0, < 5.18.1-2)
- CRITICAL 9.8 CVE-2018-18314: Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations. (from 0, < 5.28.0-3)
- from 0, < 5.24.1-3+deb9u5
- from 0, < 5.20.2-3+deb8u12
- from 0, < 5.28.1-1
- CRITICAL 9.8 CVE-2018-18312: Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. (from 0, < 5.28.1-1)
- from 0, < 5.20.2-3+deb8u10
- from 0, < 5.14.2-21+deb7u6
- from 0, < 5.26.1-6
- from 0, < 5.26.1-6
- CRITICAL 9.1 CVE-2026-42496: Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. (from 0)
- CRITICAL 9.1 CVE-2018-18313: Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process m… (from 0, < 5.28.0-3)
- CRITICAL 9.1 CVE-2017-12883: Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attacke… (from 0, < 5.26.0-8)
- HIGH 8.6 CVE-2020-10878: Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. (from 0, < 5.30.3-1)
- from 0, < 5.36.0-7+deb12u2
- from 0, < 5.36.0-7+deb12u2
- HIGH 8.2 CVE-2020-10543: Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer ov… (from 0, < 5.30.3-1)
- HIGH 8.1 CVE-2023-31486: HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where… (from 0)
- HIGH 8.1 CVE-2023-31484: CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (from 0, < 5.32.1-4+deb11u4)
- from 0, < 5.32.1-4+deb11u3
- from 0, < 5.32.1-4+deb11u4
- from 0, < 5.32.1-4+deb11u4
- HIGH 7.8 CVE-2021-36770: Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in… (from 0, < 5.32.1-4+deb11u1)
- HIGH 7.8 CVE-2016-6185: The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local user… (from 0, < 5.22.2-2)
- from 0, < 5.22.2-3
- from 0, < 5.20.2-3+deb8u6
- from 0, < 5.14.2-21+deb7u4
- HIGH 7.5 CVE-2026-48959: IO::Uncompress::Unzip versions before 2.220 for Perl allow CPU exhaustion via per-byte read loop in fastForward. (from 0)
- HIGH 7.5 CVE-2026-9538: Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. (from 0)
- HIGH 7.5 CVE-2026-42497: Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory. (from 0)
- HIGH 7.5 CVE-2020-12723: regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (from 0, < 5.30.3-1)
- from 0, < 5.26.2-6
- from 0, < 5.20.2-3+deb8u11
- from 0, < 5.26.1-6
- from 0, < 5.20.2-3+deb8u9
- from 0, < 5.26.0-8
- HIGH 7.5 CVE-2015-8853: The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to… (from 0, < 5.22.1-1)
- from 0, < 5.14.2-21+deb7u3
- from 0, < 5.22.1-8
- HIGH 7.3 CVE-2026-48962: IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob. (from 0)
- HIGH 7.3 CVE-2026-48961: IO::Compress versions from 2.207 before 2.220 for Perl ship a zipdetails CLI tool that crashes with undefined subroutine on Info-ZIP Unix E… (from 0)
- from 0, < 5.22.1-4
- from 0, < 5.20.2-3+deb8u2
- MEDIUM 5.9 CVE-2025-40909: Perl threads have a working directory race condition where file operations may target unintended paths. (from 0, < 5.32.1-4+deb11u5)
- from 0, < 5.14.2-21+deb7u5
- from 0, < 5.20.2-3+deb8u7
- from 0, < 5.24.1-3
- MEDIUM 5.5 CVE-2025-15649: IO::Uncompress::Unzip versions before 2.215 for Perl propagate uncaught exception when parsing zip header with malformed DOS date. (from 0)
- from 0
- — CVE-2013-7422: Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attac… (from 0, < 5.20.0-1)
- — CVE-2014-4330: The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of… (from 0, < 5.20.1-1)
- — CVE-2010-4777: The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows c… (from 0, < 5.20.1-1)
- from 0, < 5.14.2-19
- from 0, < 5.10.1-17squeeze6
- — CVE-2012-6329: The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and… (from 0, < 5.14.2-16)
- — CVE-2011-2728: The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (cras… (from 0, < 5.14.2-1)
- from 0, < 5.14.2-14
- from 0, < 5.10.1-17squeeze4
- from 0, < 5.14.2-16
- — CVE-2011-3597: Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via… (from 0, < 5.12.4-6)
- — CVE-2011-2939: Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might all… (from 0, < 5.12.4-4)
- — CVE-2011-0761: Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging… (from 0, < 5.12.0-1)
- from 0, < 5.10.0-19lenny4
- from 0, < 5.10.1-20
- — CVE-2010-4411: Unspecified vulnerability in CGI.pm 3.50 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response spl… (from 0, < 5.10.1-17)
- — CVE-2010-4410: CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows rem… (from 0, < 5.10.1-17)
- — CVE-2010-2761: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME… (from 0, < 5.10.1-17)
- — CVE-2010-1168: The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo… (from 0, < 5.10.1-13)
- from 0, < 5.12.3-1
- from 0, < 5.10.0-19lenny5
- — CVE-2009-3626: Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid… (from 0, < 5.10.1-6)
- — CVE-2009-1391: Off-by-one error in the inflate function in Zlib.xs in Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, SpamAssassin, and p… (from 0, < 5.10.0-23)
- — CVE-2008-5303: Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files v… (from 0, < 5.10.0-18)
- — CVE-2008-5302: Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create… (from 0, < 5.10.0-18)
- from 0, < 5.10.0-10+lenny1
- from 0, < 5.10.0-11
- from 0, < 5.10.0-1
- from 0, < 5.8.8-7etch3
- from 0, < 5.8.8-11.1+lenny1
- from 0, < 5.8.8-12
- from 0, < 5.8.4-8sarge6
- — CVE-2007-4829: Directory traversal vulnerability in the Archive::Tar Perl module 1.36 and earlier allows user-assisted remote attackers to overwrite arbit… (from 0, < 5.10.0-19)
- from 0, < 5.8.7-9
- from 0, < 5.8.4-8sarge3
- from 0, < 5.6.1-8.9
- from 0, < 5.8.4-7
- — CVE-2005-0155: The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the P… (from 0, < 5.8.4-6)
- — CVE-2004-0976: Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allow local users to overwrite fi… (from 0, < 5.8.4-4)
- — CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbit… (from 0, < 5.8.4-6)
- from 0, < 5.8.8-7etch5
- from 0, < 5.8.4-5
- from 0, < 5.6.1-8.8
- from 0, < 5.6.1-8.6
- from 0, < 5.8.3-3
- — CVE-2003-0900: Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to pre… (from 0, < 5.8.2)
- from 0, < 5.8.0-19
- from 0, < 5.6.1-8.3
- from 0, < 5.6.1-8.2
- from 0, < 5.8.0-14
- — CVE-2002-0703: An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could pre… (from 0, < 5.8.0-7)