{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12087", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-06-12T13:29:50.478Z", "datePublished": "2026-06-15T21:11:09.876Z", "dateUpdated": "2026-06-16T15:59:27.883Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Socket", "product": "Socket", "programFiles": ["Socket.xs"], "programRoutines": [{"name": "pack_ip_mreq_source"}], "vendor": "PEVANS", "versions": [{"lessThan": "2.041", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Socket versions before 2.041 for Perl have an out-of-bounds heap read.\n\nIn Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.\n\nCalling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-805", "description": "CWE-805 Buffer Access with Incorrect Length Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-06-15T21:11:09.876Z"}, "references": [{"tags": ["release-notes"], "url": "https://metacpan.org/release/PEVANS/Socket-2.041/changes"}, {"tags": ["patch"], "url": "https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb.patch"}], "solutions": [{"lang": "en", "value": "Upgrade to version 2.041 or later."}], "source": {"discovery": "UNKNOWN"}, "title": "Socket versions before 2.041 for Perl have an out-of-bounds heap read", "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/15/10"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-15T23:33:50.725Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-06-16T15:43:23.064154Z", "id": "CVE-2026-12087", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T15:59:27.883Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-12087", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-06-12T13:29:50.478Z", "datePublished": "2026-06-15T21:11:09.876Z", "dateUpdated": "2026-06-16T15:59:27.883Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Socket", "product": "Socket", "programFiles": ["Socket.xs"], "programRoutines": [{"name": "pack_ip_mreq_source"}], "vendor": "PEVANS", "versions": [{"lessThan": "2.041", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Socket versions before 2.041 for Perl have an out-of-bounds heap read.\n\nIn Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.\n\nCalling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-125", "description": "CWE-125 Out-of-bounds Read", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-805", "description": "CWE-805 Buffer Access with Incorrect Length Value", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-06-15T21:11:09.876Z"}, "references": [{"tags": ["release-notes"], "url": "https://metacpan.org/release/PEVANS/Socket-2.041/changes"}, {"tags": ["patch"], "url": "https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb.patch"}], "solutions": [{"lang": "en", "value": "Upgrade to version 2.041 or later."}], "source": {"discovery": "UNKNOWN"}, "title": "Socket versions before 2.041 for Perl have an out-of-bounds heap read", "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/06/15/10"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-06-15T23:33:50.725Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-12087", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-16T15:43:23.064154Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-16T15:57:29.629Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Socket versions before 2.041 for Perl have an out-of-bounds heap read.\n\nIn Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.\n\nCalling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure."}], "id": "CVE-2026-12087", "lastModified": "2026-06-16T15:41:12.897", "metrics": {}, "published": "2026-06-15T22:16:16.197", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb.patch"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "url": "https://metacpan.org/release/PEVANS/Socket-2.041/changes"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/06/15/10"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-805"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{"bugzilla": {"description": "perl-Socket: perl-Socket: Information Disclosure due to Out-of-Bounds Read", "id": "2489066", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2489066"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "status": "draft"}, "cwe": "CWE-125", "details": ["A flaw was found in the `perl-Socket` component. The `pack_ip_mreq_source()` function, which handles network socket operations, contains an out-of-bounds heap read vulnerability. An attacker providing a specially crafted input can cause the system to read beyond the intended memory buffer, potentially leading to information disclosure from adjacent memory regions."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-12087", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "perl-Socket", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "perl-Socket6", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "perl-Socket6", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "perl-Socket", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "perl-Socket6", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "perl-Socket", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "perl-Socket6", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "perl-Socket", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "perl-Socket6", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:hummingbird:1", "fix_state": "Under investigation", "package_name": "perl-Socket", "product_name": "Red Hat Hardened Images"}], "public_date": "2026-06-15T21:11:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-12087\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-12087\nhttps://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb.patch\nhttps://metacpan.org/release/PEVANS/Socket-2.041/changes"], "statement": "A flaw was found in the Perl Socket module's pack_ip_mreq_source() function. An incorrect length validation may allow an out-of-bounds heap read, potentially exposing up to a few bytes of adjacent memory. Successful exploitation requires an application to call the affected function with attacker-controlled input, which limits the practical impact to information disclosure.", "threat_severity": "Moderate"}

{}