Red Hat: CVE-2024-56406: perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes (Multiple Advisories)

Severity: 6
CVSS: (AV:L/AC:L/Au:N/C:P/I:P/A:C)
Published: Apr 13, 2025
Added: Jul 9, 2025
Modified: Jan 27, 2026

Description

A heap buffer overflow vulnerability was discovered in Perl.

Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.

When there are non-ASCII bytes in the left-hand side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

   $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
   Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

Solutions

no-fix-redhat-rpm-package
redhat-upgrade-perl
redhat-upgrade-perl-attribute-handlers
redhat-upgrade-perl-autoloader
redhat-upgrade-perl-autosplit
redhat-upgrade-perl-autouse
redhat-upgrade-perl-b
redhat-upgrade-perl-b-debuginfo
redhat-upgrade-perl-base
redhat-upgrade-perl-benchmark
redhat-upgrade-perl-blib
redhat-upgrade-perl-class-struct
redhat-upgrade-perl-config-extensions
redhat-upgrade-perl-dbm_filter
redhat-upgrade-perl-debugger
redhat-upgrade-perl-debuginfo
redhat-upgrade-perl-debugsource
redhat-upgrade-perl-deprecate
redhat-upgrade-perl-devel
redhat-upgrade-perl-devel-peek
redhat-upgrade-perl-devel-peek-debuginfo
redhat-upgrade-perl-devel-selfstubber
redhat-upgrade-perl-diagnostics
redhat-upgrade-perl-dirhandle
redhat-upgrade-perl-doc
redhat-upgrade-perl-dumpvalue
redhat-upgrade-perl-dynaloader
redhat-upgrade-perl-encoding-warnings
redhat-upgrade-perl-english
redhat-upgrade-perl-errno
redhat-upgrade-perl-extutils-constant
redhat-upgrade-perl-extutils-embed
redhat-upgrade-perl-extutils-miniperl
redhat-upgrade-perl-fcntl
redhat-upgrade-perl-fcntl-debuginfo
redhat-upgrade-perl-fields
redhat-upgrade-perl-file-basename
redhat-upgrade-perl-file-compare
redhat-upgrade-perl-file-copy
redhat-upgrade-perl-file-dosglob
redhat-upgrade-perl-file-dosglob-debuginfo
redhat-upgrade-perl-file-find
redhat-upgrade-perl-file-stat
redhat-upgrade-perl-filecache
redhat-upgrade-perl-filehandle
redhat-upgrade-perl-filetest
redhat-upgrade-perl-findbin
redhat-upgrade-perl-gdbm_file
redhat-upgrade-perl-gdbm_file-debuginfo
redhat-upgrade-perl-getopt-std
redhat-upgrade-perl-hash-util
redhat-upgrade-perl-hash-util-debuginfo
redhat-upgrade-perl-hash-util-fieldhash
redhat-upgrade-perl-hash-util-fieldhash-debuginfo
redhat-upgrade-perl-i18n-collate
redhat-upgrade-perl-i18n-langinfo
redhat-upgrade-perl-i18n-langinfo-debuginfo
redhat-upgrade-perl-i18n-langtags
redhat-upgrade-perl-if
redhat-upgrade-perl-interpreter
redhat-upgrade-perl-interpreter-debuginfo
redhat-upgrade-perl-io
redhat-upgrade-perl-io-debuginfo
redhat-upgrade-perl-ipc-open3
redhat-upgrade-perl-less
redhat-upgrade-perl-lib
redhat-upgrade-perl-libnetcfg
redhat-upgrade-perl-libs
redhat-upgrade-perl-libs-debuginfo
redhat-upgrade-perl-locale
redhat-upgrade-perl-locale-maketext-simple
redhat-upgrade-perl-macros
redhat-upgrade-perl-math-complex
redhat-upgrade-perl-memoize
redhat-upgrade-perl-meta-notation
redhat-upgrade-perl-module-loaded
redhat-upgrade-perl-mro
redhat-upgrade-perl-mro-debuginfo
redhat-upgrade-perl-ndbm_file
redhat-upgrade-perl-ndbm_file-debuginfo
redhat-upgrade-perl-net
redhat-upgrade-perl-next
redhat-upgrade-perl-odbm_file
redhat-upgrade-perl-odbm_file-debuginfo
redhat-upgrade-perl-opcode
redhat-upgrade-perl-opcode-debuginfo
redhat-upgrade-perl-open
redhat-upgrade-perl-overload
redhat-upgrade-perl-overloading
redhat-upgrade-perl-ph
redhat-upgrade-perl-pod-functions
redhat-upgrade-perl-pod-html
redhat-upgrade-perl-posix
redhat-upgrade-perl-posix-debuginfo
redhat-upgrade-perl-safe
redhat-upgrade-perl-search-dict
redhat-upgrade-perl-selectsaver
redhat-upgrade-perl-selfloader
redhat-upgrade-perl-sigtrap
redhat-upgrade-perl-sort
redhat-upgrade-perl-subs
redhat-upgrade-perl-symbol
redhat-upgrade-perl-sys-hostname
redhat-upgrade-perl-sys-hostname-debuginfo
redhat-upgrade-perl-term-complete
redhat-upgrade-perl-term-readline
redhat-upgrade-perl-test
redhat-upgrade-perl-text-abbrev
redhat-upgrade-perl-thread
redhat-upgrade-perl-thread-semaphore
redhat-upgrade-perl-tie
redhat-upgrade-perl-tie-file
redhat-upgrade-perl-tie-memoize
redhat-upgrade-perl-time
redhat-upgrade-perl-time-piece
redhat-upgrade-perl-time-piece-debuginfo
redhat-upgrade-perl-unicode-ucd
redhat-upgrade-perl-user-pwent
redhat-upgrade-perl-utils
redhat-upgrade-perl-vars
redhat-upgrade-perl-vmsish
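
An added triage example, not Red Hat's or the scanner's own code: it tests the local perl against the version range given in the Description and, on RPM systems, looks for the CVE id in the changelogs of the `perl-libs` and `perl-interpreter` packages named in the Solutions list. Treating a changelog mention as evidence of a packaged fix is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Added triage helper, not part of the advisory. Range bounds are the ones
# the advisory states: 5.33.1 through 5.41.10.

# in_listed_range VERSION: exit 0 if VERSION (e.g. 5.38.2) is in that range,
# 1 if outside it, 2 if VERSION is not a dotted numeric string.
in_listed_range() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "${1:-0}" -eq 5 ] || return 1
    # Fold minor.patch into one integer so both bounds compare numerically.
    n=$(( ${2:-0} * 1000 + ${3:-0} ))
    [ "$n" -ge 33001 ] && [ "$n" -le 41010 ]
}

# rpm_mentions_cve PACKAGE: exit 0 if the installed package's changelog names
# the CVE (assumption: the packaged fix is recorded there under its CVE id).
rpm_mentions_cve() {
    rpm -q --changelog "$1" 2>/dev/null | grep -q 'CVE-2024-56406'
}

# triage: report on the local perl; exit 1 only when it still needs updating.
triage() {
    command -v perl >/dev/null 2>&1 || { echo "perl not installed"; return 0; }
    ver=$(perl -e 'printf "%vd", $^V')
    if ! in_listed_range "$ver"; then
        echo "perl $ver: outside the range listed in the advisory"
        return 0
    fi
    if command -v rpm >/dev/null 2>&1; then
        for pkg in perl-libs perl-interpreter; do
            if rpm_mentions_cve "$pkg"; then
                echo "perl $ver: $pkg changelog names CVE-2024-56406"
                return 0
            fi
        done
    fi
    echo "perl $ver: in listed range, no packaged fix found; update perl"
    return 1
}

if [ "${1:-}" = "--check" ]; then triage; fi
```

Run it with `--check` on the host being assessed; a version inside the range is only a starting point, since the range does not say which package builds carry the fix.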