CVE-2026-7111

Source
https://cve.org/CVERecord?id=CVE-2026-7111
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7111.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-7111
Downstream
Related
Published
2026-04-29T14:22:29.358Z
Modified
2026-07-15T01:48:57.863733083Z
Severity
  • 8.4 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption
Details

Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption.

The Parse, print, getline, and getlineall methods invoke registered callbacks (for example afterparse, beforeprint, or onerror) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead.

Calling code that expects parsed data from getlineall receives the Text::CSVXS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected.

Database specific
{
    "cwe_ids": [
        "CWE-416",
        "CWE-825"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/7xxx/CVE-2026-7111.json",
    "cna_assigner": "CPANSec"
}
References

Affected packages

Git / github.com/cpan-authors/text-csv_xs

Affected ranges

Type
GIT
Repo
https://github.com/cpan-authors/text-csv_xs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:hmbrand:text\\:\\:csv_xs:*:*:*:*:*:perl:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.62"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

0.*
0.33
0.34
0.35-Valloire
0.36
0.37
0.40
0.41
0.42
0.43
0.44
0.45
0.46
0.50
0.51
0.52
0.53
0.54
0.55
0.56
0.57
0.58
0.59
0.60
0.61
0.62
0.63
0.64
0.65
0.66
0.67
0.68
0.69
0.70
0.71
0.72
0.73
0.74
0.75
0.76
0.77
0.78
0.79
0.80
0.81
0.82
0.83
0.84
0.85
0.86
0.87
0.88
0.90
0.91
0.92
0.93
0.94
0.95
0.96
0.97
0.98
0.99
1.*
1.00
1.01
1.02
1.03
1.04
1.05
1.06
1.07
1.08
1.09
1.10
1.11
1.12
1.13
1.14
1.15
1.16
1.17
1.18
1.19
1.20
1.21
1.22
1.23
1.24
1.25
1.26
1.27
1.28
1.29
1.30
1.31
1.32
1.33
1.34
1.35
1.36
1.37
1.38
1.39
1.40
1.41
1.42
1.43
1.44
1.45
1.46
1.47
1.48
1.49
1.50
1.51
1.53
1.54
1.55
1.56
1.58
1.59
1.60
1.61

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-7111.json"