CVE-2026-12087
Socket versions before 2.041 for Perl have an out-of-bounds heap read
Published: 2026-06-15 · Last updated: 2026-06-16
Severity and scoring
- CWE
- CWE-125, CWE-805
Description
Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.
Source: NVD
References
Related CVEs
Same CWE
- CVE-2026-1767 — A flaw was found in the GNOME localsearch (previously known as tracker-miners) MP3 Extractor `tracker-extract-mp3` component (5.6 MEDIUM)
- CVE-2026-1766 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor, specifically within the tracker-extract-mp3 com... (5.6 MEDIUM)
- CVE-2026-1765 — A flaw was found in the `tracker-extract-mp3` component of GNOME localsearch (previously known as tracker-miners) (5.6 MEDIUM)
- CVE-2026-1764 — A flaw was found in GNOME localsearch (previously known as tracker-miners) MP3 Extractor (5.6 MEDIUM)
- CVE-2026-53704 — A flaw was found in GStreamer's RealMedia demuxer in the gst-plugins-ugly package (7.1 HIGH)