A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.

The vulnerability manifests when non-ASCII bytes are present in the left-hand side of the `tr` operator, causing `S_do_trans_invmap` to overflow the destination pointer `d`. This can lead to a segmentation fault, which can be demonstrated with the following command:

```
$ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
```

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
The severity of this vulnerability is rated high, with a CVSS score of 8.4. Organizations should prioritize patching immediately to mitigate potential risks associated with this vulnerability.
As of now, there are no known exploits publicly available for this vulnerability, and it has not been classified as actively exploited in the wild. However, its high severity score and potential impact on system integrity and availability necessitate immediate attention from security teams.
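For inventory triage, the shell sketch below flags Perl version strings that fall inside the range stated above (5.33.1 through 5.41.10). It is an added example, not part of the advisory or of Perl; the function names and the sample version list are constructed for illustration. The page lists no fixed point releases, and distributions may backport fixes without changing the upstream version, so a match means "confirm the vendor's patch status", not "proven vulnerable".

```shell
#!/bin/sh
# Added example, not from the advisory: flag Perl versions inside the range
# the advisory lists (5.33.1 through 5.41.10). Fixed point releases are not
# given on the page, so "in range" means "confirm vendor patch status".

# Print a sortable integer for "5.36.0" or "v5.38.2"; return 1 if malformed.
perl_version_key() {
    v=${1#v}
    case $v in
        ''|*[!0-9.]*|.*|*..*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v
    IFS=$old_ifs
    [ $# -eq 3 ] || return 1
    key=0
    for part in "$@"; do
        [ ${#part} -le 3 ] || return 1
        part=${part#"${part%%[!0]*}"}   # strip leading zeros (no octal parse)
        key=$((key * 1000 + ${part:-0}))
    done
    echo "$key"
}

# Exit status: 0 = inside advisory range, 1 = outside, 2 = unparseable.
perl_in_advisory_range() {
    k=$(perl_version_key "$1") || return 2
    [ "$k" -ge 5033001 ] && [ "$k" -le 5041010 ]
}

# Print a one-line verdict for a version string.
classify_perl_version() {
    rc=0
    perl_in_advisory_range "$1" || rc=$?
    case $rc in
        0) echo "$1: IN RANGE (check vendor patch status)" ;;
        1) echo "$1: outside advisory range" ;;
        *) echo "$1: unparseable version" ;;
    esac
}

# Constructed sample inventory; on a host, feed in the output of
#   perl -e 'printf "%vd\n", $^V'
for sample in 5.32.1 v5.33.1 5.36.0 5.41.10 5.41.11 5.42.0 garbage; do
    classify_perl_version "$sample"
done
```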