perl

🐪 The Perl programming language

Version: 5.29.4
Safety score: -190
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
Security Risks of Known Vulnerabilities
CVE-2021-23885
Threat level: HIGH | CVSS score: 8.8

Privilege escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.8 allows an authenticated user to gain elevated privileges through the User Interface and execute commands on the appliance via incorrect improper neutralization of user input in the troubleshooting page.



CVE-2020-10543
CWE-787
Threat level: HIGH | CVSS score: 8.2

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.



CVE-2020-12723
CWE-120
Threat level: HIGH | CVSS score: 7.5

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.



CVE-2017-1000366
CWE-119
Threat level: HIGH | CVSS score: 7.8

glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias, potentially resulting in arbitrary code execution. Please note that additional hardening changes have been made to glibc to prevent manipulation of stack and heap memory but these issues are not directly exploitable, as such they have not been given a CVE. This affects glibc 2.25 and earlier.



CVE-2019-6454
CWE-787
Threat level: MEDIUM | CVSS score: 5.5

An issue was discovered in sd-bus in systemd 239. bus_process_object() in libsystemd/sd-bus/bus-objects.c allocates a variable-length stack buffer for temporarily storing the object path of incoming D-Bus messages. An unprivileged local user can exploit this by sending a specially crafted message to PID1, causing the stack pointer to jump over the stack guard pages into an unmapped memory region and trigger a denial of service (systemd PID1 crash and kernel panic).



CVE-2020-10878
CWE-190
Threat level: HIGH | CVSS score: 8.6

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.



CVE-2016-1762
CWE-119
Threat level: HIGH | CVSS score: 8.1

The xmlNextChar function in libxml2 before 2.9.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted XML document.



CVE-2023-31484
CWE-295
Threat level: HIGH | CVSS score: 8.1

CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.



CVE-2016-4448
CWE-134
Threat level: CRITICAL | CVSS score: 9.8

Format string vulnerability in libxml2 before 2.9.4 allows attackers to have unspecified impact via format string specifiers in unknown vectors.



Please note that this component is affected by 4 other vulnerabilities
1 Critical  |  1 High  |  2 Medium  |  0 Low  |  1 Suggest

All versions of this component are vulnerable.

Scan your application codebase with Meterian to see all known vulnerabilities in your open source software dependencies.


Stability

Stay updated with the latest patches and releases. Plan your software design. Avoid common known vulnerabilities fixed by the open source community.

Latest patch release:   5.29.10

Latest minor release:   5.41.13

Latest major release:   --

Licensing

Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

Artistic-1.0   -   Artistic License 1.0

Not a wildcard

Not proprietary

OSI Compliant


GPL-1.0-or-later   -   GNU General Public License v1.0 or later

Not a wildcard

Not proprietary

OSI Compliant