DEBIAN-CVE-2024-56406

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-56406

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-56406.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-56406

Upstream

CVE-2024-56406

Published

2025-04-13T14:15:14Z

Modified

2025-09-30T05:19:55.063121Z

Summary

[none]

Details

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap can overflow the destination pointer d. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

References

https://security-tracker.debian.org/tracker/CVE-2024-56406

Affected packages

Debian:12 / perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.36.0-7+deb12u2

Affected versions

5.*

5.36.0-7

5.36.0-7+deb12u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.40.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / perl

Package

Name: perl
Purl: pkg:deb/debian/perl?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

5.40.1-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}