CVE-2024-56406

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-56406
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-56406.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-56406
Published
2025-04-13T14:15:14Z
Modified
2025-04-18T18:52:51.483915Z
Summary
[none]
Details

A heap buffer overflow vulnerability was discovered in Perl.

Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.

When there are non-ASCII bytes in the left-hand side of the tr operator, S_do_trans_invmap can overflow the destination pointer d.

   $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
   Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

Affected packages

Alpine:v3.18 / perl

Package

Name
perl
Purl
pkg:apk/alpine/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.36.2-r1

Affected versions

5.*

5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
5.34.0-r1
5.34.1-r0
5.36.0-r0
5.36.0-r1
5.36.0-r2
5.36.0-r3
5.36.1-r0
5.36.1-r1
5.36.1-r2
5.36.2-r0

Alpine:v3.19 / perl

Package

Name
perl
Purl
pkg:apk/alpine/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.38.3-r1

Affected versions

5.*

5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
5.34.0-r1
5.34.1-r0
5.36.0-r0
5.36.0-r1
5.36.0-r2
5.36.0-r3
5.36.1-r0
5.36.1-r1
5.36.1-r2
5.36.1-r3
5.38.0-r0
5.38.1-r0
5.38.2-r0
5.38.3-r0

Alpine:v3.20 / perl

Package

Name
perl
Purl
pkg:apk/alpine/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.38.3-r1

Affected versions

5.*

5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
5.34.0-r1
5.34.1-r0
5.36.0-r0
5.36.0-r1
5.36.0-r2
5.36.0-r3
5.36.1-r0
5.36.1-r1
5.36.1-r2
5.36.1-r3
5.38.0-r0
5.38.1-r0
5.38.2-r0
5.38.3-r0

Alpine:v3.21 / perl

Package

Name
perl
Purl
pkg:apk/alpine/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.40.1-r1

Affected versions

5.*

5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0
5.24.0-r0
5.24.0-r1
5.24.0-r2
5.24.1-r0
5.24.1-r1
5.24.1-r2
5.26.0-r0
5.26.1-r0
5.26.1-r1
5.26.2-r0
5.26.2-r1
5.26.3-r0
5.28.1-r0
5.28.2-r0
5.28.2-r1
5.30.0-r0
5.30.0-r1
5.30.0-r2
5.30.1-r0
5.30.2-r0
5.30.3-r0
5.30.3-r1
5.30.3-r2
5.32.0-r0
5.32.1-r0
5.34.0-r0
5.34.0-r1
5.34.1-r0
5.36.0-r0
5.36.0-r1
5.36.0-r2
5.36.0-r3
5.36.1-r0
5.36.1-r1
5.36.1-r2
5.36.1-r3
5.38.0-r0
5.38.1-r0
5.38.2-r0
5.40.0-r0
5.40.0-r1
5.40.0-r2
5.40.0-r3
5.40.1-r0

Debian:12 / perl

Package

Name
perl
Purl
pkg:deb/debian/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.36.0-7+deb12u2

Affected versions

5.*

5.36.0-7
5.36.0-7+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / perl

Package

Name
perl
Purl
pkg:deb/debian/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
5.40.1-3

Affected versions

5.*

5.36.0-7
5.36.0-8
5.36.0-9
5.36.0-10
5.38.0~rc2-1
5.38.0-1
5.38.0-2
5.38.2-1
5.38.2-2
5.38.2-3
5.38.2-3.1
5.38.2-3.2
5.38.2-3.2+hurd.1
5.38.2-4
5.38.2-5
5.40.0~rc1-1
5.40.0-1
5.40.0-2
5.40.0-3
5.40.0-4
5.40.0-5
5.40.0-6
5.40.0-7
5.40.0-8
5.40.1-1
5.40.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/perl/perl5

Affected ranges

Type
GIT
Repo
https://github.com/perl/perl5
Events
Introduced
0 (Unknown introduced commit / All previous commits are affected)
Fixed

Affected versions

Other

GitLive-blead
perl-5a2
perl-5a9

if-0.*

if-0.0602
if-0.0603
if-0.0604
if-0.0605

perl-1.*

perl-1.0

perl-2.*

perl-2.0

perl-3.*

perl-3.000
perl-3.044

perl-4.*

perl-4.0.00
perl-4.0.36

perl-5.*

perl-5.000
perl-5.000o
perl-5.001
perl-5.001n
perl-5.002
perl-5.002_01
perl-5.003
perl-5.003_01
perl-5.003_02
perl-5.003_03
perl-5.003_04
perl-5.003_05
perl-5.003_07
perl-5.003_08
perl-5.003_09
perl-5.003_10
perl-5.003_11
perl-5.003_12
perl-5.003_13
perl-5.003_14
perl-5.003_15
perl-5.003_16
perl-5.003_17
perl-5.003_18
perl-5.003_19
perl-5.003_20
perl-5.003_21
perl-5.003_22
perl-5.003_23
perl-5.003_24
perl-5.003_25
perl-5.003_26
perl-5.003_27
perl-5.003_28
perl-5.003_90
perl-5.003_91
perl-5.003_92
perl-5.003_93
perl-5.003_94
perl-5.003_95
perl-5.003_96
perl-5.003_97
perl-5.003_97a
perl-5.003_97b
perl-5.003_97c
perl-5.003_97d
perl-5.003_97e
perl-5.003_97f
perl-5.003_97g
perl-5.003_97h
perl-5.003_97i
perl-5.003_97j
perl-5.003_98
perl-5.003_99
perl-5.003_99a
perl-5.004
perl-5.004_01
perl-5.004_02
perl-5.004_03
perl-5.004_04
perl-5.005
perl-5.005_01
perl-5.005_02
perl-5.6.0
perl-5.7.0
perl-5.7.1
perl-5.7.2
perl-5.7.3
perl-5.8.0
perl-5.9.0
perl-5.9.1
perl-5.9.2
perl-5.9.3
perl-5.9.4
perl-5.9.5

v5.*

v5.10.0
v5.11.0
v5.11.1
v5.11.2
v5.11.3
v5.11.4
v5.11.5
v5.12.0
v5.12.0-RC0
v5.12.0-RC1
v5.12.0-RC2
v5.12.0-RC3
v5.12.0-RC4
v5.12.0-RC5
v5.13.0
v5.13.1
v5.13.10
v5.13.11
v5.13.2
v5.13.3
v5.13.4
v5.13.5
v5.13.6
v5.13.7
v5.13.8
v5.13.9
v5.14.0
v5.14.0-RC1
v5.14.0-RC2
v5.14.0-RC3
v5.15.0
v5.15.1
v5.15.2
v5.15.3
v5.15.4
v5.15.5
v5.15.6
v5.15.7
v5.15.8
v5.15.9
v5.16.0
v5.16.0-RC1
v5.16.0-RC2
v5.17.0
v5.17.1
v5.17.10
v5.17.11
v5.17.2
v5.17.3
v5.17.4
v5.17.5
v5.17.6
v5.17.7
v5.17.7.0
v5.17.8
v5.17.9
v5.18.0
v5.18.0-RC1
v5.18.0-RC2
v5.18.0-RC3
v5.18.0-RC4
v5.19.0
v5.19.1
v5.19.10
v5.19.11
v5.19.2
v5.19.3
v5.19.4
v5.19.5
v5.19.6
v5.19.7
v5.19.8
v5.19.9
v5.20.0
v5.20.0-RC1
v5.21.0
v5.21.1
v5.21.10
v5.21.11
v5.21.2
v5.21.3
v5.21.4
v5.21.5
v5.21.6
v5.21.7
v5.21.8
v5.21.9
v5.22.0
v5.22.0-RC1
v5.22.0-RC2
v5.23.0
v5.23.1
v5.23.2
v5.23.3
v5.23.4
v5.23.5
v5.23.6
v5.23.7
v5.23.8
v5.23.9
v5.24.0
v5.24.0-RC1
v5.24.0-RC2
v5.24.0-RC3
v5.24.0-RC4
v5.24.0-RC5
v5.25.0
v5.25.1
v5.25.10
v5.25.11
v5.25.12
v5.25.2
v5.25.3
v5.25.4
v5.25.5
v5.25.6
v5.25.7
v5.25.8
v5.25.9
v5.26.0
v5.26.0-RC1
v5.26.0-RC2
v5.27.0
v5.27.1
v5.27.10
v5.27.11
v5.27.2
v5.27.3
v5.27.4
v5.27.5
v5.27.6
v5.27.7
v5.27.8
v5.27.9
v5.28.0
v5.28.0-RC1
v5.28.0-RC2
v5.28.0-RC3
v5.28.0-RC4
v5.29.0
v5.29.1
v5.29.10
v5.29.2
v5.29.3
v5.29.4
v5.29.5
v5.29.6
v5.29.7
v5.29.8
v5.29.9
v5.30.0
v5.30.0-RC1
v5.30.0-RC2
v5.31.0
v5.31.1
v5.31.10
v5.31.11
v5.31.2
v5.31.3
v5.31.4
v5.31.5
v5.31.6
v5.31.7
v5.31.8
v5.31.9
v5.32.0
v5.32.0-RC0
v5.32.0-RC1
v5.33.0
v5.33.1
v5.33.2
v5.33.3
v5.33.4
v5.33.5
v5.33.6
v5.33.7
v5.33.8
v5.33.9
v5.34.0
v5.34.0-RC1
v5.34.0-RC2
v5.35.0
v5.35.1
v5.35.10
v5.35.11
v5.35.2
v5.35.3
v5.35.4
v5.35.5
v5.35.6
v5.35.7
v5.35.8
v5.35.9
v5.36.0
v5.36.0-RC1
v5.36.0-RC3
v5.37.0
v5.37.1
v5.37.10
v5.37.11
v5.37.2
v5.37.3
v5.37.4
v5.37.5
v5.37.6
v5.37.7
v5.37.8
v5.37.9
v5.38.0
v5.38.0-RC1
v5.38.0-RC2
v5.39.0
v5.39.1
v5.39.10
v5.39.2
v5.39.3
v5.39.4
v5.39.5
v5.39.6
v5.39.7
v5.39.8
v5.39.9
v5.40.0
v5.40.0-RC1
v5.40.0-RC2
v5.41.0
v5.41.1
v5.41.10
v5.41.2
v5.41.3
v5.41.4
v5.41.5
v5.41.6
v5.41.7
v5.41.8
v5.41.9