CVE-2026-8376
9.8 CRITICALPerl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds
Published: 2026-05-26 · Last updated: 2026-05-27
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-680
Affected products
| Vendor | Product |
|---|---|
| perl | perl |
Description
Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-9698 — DBI versions before 1.648 for Perl saved errors in a limited-sized buffer (9.8 CRITICAL)
- CVE-2026-10879 — DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders (9.8 CRITICAL)