{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-56406", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2024-12-23T02:07:38.152Z", "datePublished": "2025-04-13T13:16:09.841Z", "dateUpdated": "2025-04-13T22:02:35.643Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "perl", "product": "perl", "programFiles": ["op.c"], "programRoutines": [{"name": "S_pmtrans"}, {"name": "tr"}], "repo": "https://github.com/Perl/perl5/", "vendor": "perl", "versions": [{"lessThanOrEqual": "5.41.10", "status": "affected", "version": "5.41.0", "versionType": "custom"}, {"lessThan": "5.40.2-RC1", "status": "affected", "version": "5.39.0", "versionType": "custom"}, {"lessThan": "5.38.4-RC1", "status": "affected", "version": "5.33.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nathan Mills"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "A heap buffer overflow vulnerability was discovered in Perl. <br><br>Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.<br><br>When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.<br><br><tt>&nbsp; &nbsp;$ perl -e '$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;' <br>&nbsp; &nbsp;Segmentation fault (core dumped)</tt><br><br>It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.<br><br>"}], "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e '$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;' \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2025-04-13T19:29:56.569Z"}, "references": [{"tags": ["patch"], "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch"}, {"tags": ["release-notes"], "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes"}, {"tags": ["release-notes"], "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section.<br><br>"}], "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section."}], "source": {"discovery": "UNKNOWN"}, "title": "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2025/04/13/3"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/13/4"}, {"url": "http://www.openwall.com/lists/oss-security/2025/04/13/5"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-04-13T22:02:35.643Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e '$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;' \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses."}], "id": "CVE-2024-56406", "lastModified": "2025-04-13T22:15:12.767", "metrics": {}, "published": "2025-04-13T14:15:14.527", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/04/13/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/04/13/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2025/04/13/5"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-787"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{"bugzilla": {"description": "perl: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "id": "2359290", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2359290"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "status": "draft"}, "cwe": "(CWE-122|CWE-787)", "details": ["A flaw was found in Perl. This vulnerability allows a heap buffer overflow, which can lead to denial of service and potential remote code execution on platforms that lack sufficient defenses via specially crafted input to the tr/// transliteration operator containing non-ASCII bytes on the left-hand side."], "name": "CVE-2024-56406", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "perl:5.32/perl", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "perl", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-04-13T13:16:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-56406\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-56406\nhttps://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch\nhttps://metacpan.org/release/SHAY/perl-5.38.4/changes\nhttps://metacpan.org/release/SHAY/perl-5.40.2/changes"], "threat_severity": "Important"}