Sign In

CVE-2024-56406

ADVISORY - nist

Summary

A heap buffer overflow vulnerability was discovered in Perl.

Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.

When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap can overflow the destination pointer d.

   $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'    Segmentation fault (core dumped)

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

EPSS Score: 0.00175 (0.397)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-122

Heap-based Buffer Overflow

CWE-787

Out-of-bounds Write

ADVISORY - redhat

(CWE-122|CWE-787)

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2024-56406
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-122CWE-787

CVSS SCORE

8.6high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2024-56406
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2024-56406
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2024-56406
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2024-56406
EXPLOITABILITY SCORE

2.5

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
(CWE-122|CWE-787)

CVSS SCORE

7.3high

Photon

CREATED

UPDATED

ADVISORY ID

CVE-2024-56406

EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

8.6high