CVE-2024-56406
ADVISORY - ubuntu
Summary
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

```
$ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
Segmentation fault (core dumped)
```

It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
Ubuntu
CREATED
UPDATED
ADVISORY ID
CVE-2024-56406
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A
medium

Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
ubuntu/perl | deb | ubuntu | 22.04 | <5.34.0-3ubuntu1.4 | 5.34.0-3ubuntu1.4 |
ubuntu/perl | deb | ubuntu | 25.04 | <5.40.1-2ubuntu0.1 | 5.40.1-2ubuntu0.1 |
ubuntu/perl | deb | ubuntu | 24.10 | <5.38.2-5ubuntu0.1 | 5.38.2-5ubuntu0.1 |
ubuntu/perl | deb | ubuntu | 24.04 | <5.38.2-3.2ubuntu0.1 | 5.38.2-3.2ubuntu0.1 |
Severity and metrics
No CVSS data available from this advisory.
NIST
CVSS SCORE
8.6
high
Alpine
CREATED
UPDATED
ADVISORY ID
CVE-2024-56406
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2024-56406
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A
low
Red Hat
CREATED
UPDATED
ADVISORY ID
CVE-2024-56406
EXPLOITABILITY SCORE
2.5
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.3
high
Photon
CREATED
UPDATED
ADVISORY ID
CVE-2024-56406
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-