CVE-2026-8829

Source
https://cve.org/CVERecord?id=CVE-2026-8829
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8829.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-8829
Downstream
Related
Published
2026-06-04T02:03:46.702Z
Modified
2026-07-08T08:12:41.206637836Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Details

HTML::Entities versions before 3.84 for Perl read freed heap memory in decodeentities.

The XS routine backing HTML::Entities::decodeentities cached a pointer (repl) into the entity-value SV returned by hvfetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to growgap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation.

The read may disclose adjacent heap contents into the destination SV.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8829.json",
    "cna_assigner": "CPANSec",
    "cwe_ids": [
        "CWE-416"
    ]
}
References

Affected packages

Git / github.com/libwww-perl/html-parser

Affected ranges

Type
GIT
Repo
https://github.com/libwww-perl/html-parser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "cpe": "cpe:2.3:a:oalders:html\\:\\:entities:*:*:*:*:*:perl:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.84"
        }
    ]
}

Affected versions

3.*
3.57
3.58
3.59
3.60
3.61
3.62
3.63
3.64
3.65
3.66
3.67
3.68
3.69
3.70
3.71
3.72
3.73
3.74
3.75
3.76
3.77
3.78
3.79
3.80
3.81
3.82
3.83
Other
B11
B12
B13
B6
LWP_5_00
LWP_5_05
LWP_5_17
LWP_5_18
LWP_5_22
R19_90
R2_14
R2_16
R2_17
R2_18
R2_19
R2_20
R2_21
R2_22
R2_23
R2_24
R2_25
R2_99_01
R2_99_02
R2_99_03
R2_99_04
R2_99_05
R2_99_06
R2_99_07
R2_99_08
R2_99_09
R2_99_10
R2_99_11
R2_99_12
R2_99_13
R2_99_14
R2_99_15
R2_99_16
R2_99_17
R2_99_90
R2_99_91
R2_99_92
R2_99_93
R2_99_94
R2_99_95
R2_99_96
R3_00
R3_01
R3_02
R3_03
R3_04
R3_05
R3_06
R3_07
R3_08
R3_09
R3_10
R3_11
R3_12
R3_13
R3_14
R3_15
R3_16
R3_17
R3_18
R3_19
R3_19_91
R3_19_92
R3_19_93
R3_19_94
R3_20
R3_21
R3_22
R3_23
R3_24
R3_25
R3_26
R3_27
R3_28
R3_29
R3_30
R3_31
R3_32
R3_33
R3_34
R3_35
R3_36
R3_37
R3_38
R3_39_90
R3_39_91
R3_39_92
R3_40
R3_42
R3_43
R3_44
R3_45
R3_46
R3_47
R3_48
R3_49
R3_50
R3_51
R3_52
R3_53
R3_54
R3_55
R3_56

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-8829.json"