CVE-2026-8376

CVE-2026-8376

Name

CVE-2026-8376

Description

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
9b29abf9-4ab0-4765-b253-1875cd9b441e	https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/05/26/1

Type

URI

9b29abf9-4ab0-4765-b253-1875cd9b441e

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2026/05/26/1

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:perl:perl::::::::`	perl	>= None	<= 5.43.10

CPE URI

Source package

Min version

Max version

cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*

perl

>= None

<= 5.43.10

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
perl	edge-main	5.42.2-r0	None	possibly vulnerable
perl	edge-main	5.42.1-r0	None	possibly vulnerable
perl	edge-main	5.42.0_rc3-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.42.0_rc2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.42.0-r1	None	possibly vulnerable
perl	edge-main	5.42.0-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.40.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.40.1-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.40.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.40.0-r3	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	edge-main	5.38.1-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	edge-main	5.34.0-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	edge-main	5.30.3-r0	None	possibly vulnerable
perl	edge-main	5.26.3-r0	None	possibly vulnerable
perl	edge-main	5.26.2-r1	None	possibly vulnerable
perl	edge-main	5.26.2-r0	None	possibly vulnerable
perl	edge-main	5.26.1-r0	None	possibly vulnerable
perl	3.23-main	5.42.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.23-main	5.42.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.23-main	5.42.0-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.22-main	5.40.4-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.22-main	5.40.3-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.22-main	5.40.2-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.22-main	5.40.1-r1	None	possibly vulnerable
perl	3.22-main	5.38.1-r0	None	possibly vulnerable
perl	3.22-main	5.34.0-r1	None	possibly vulnerable
perl	3.22-main	5.30.3-r0	None	possibly vulnerable
perl	3.22-main	5.26.3-r0	None	possibly vulnerable
perl	3.22-main	5.26.2-r1	None	possibly vulnerable
perl	3.22-main	5.26.2-r0	None	possibly vulnerable
perl	3.22-main	5.26.1-r0	None	possibly vulnerable
perl	3.21-main	5.40.4-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.21-main	5.40.3-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.21-main	5.40.1-r1	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.21-main	5.40.1-r0	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.21-main	5.40.0-r3	Celeste <cielesti@protonmail.com>	possibly vulnerable
perl	3.21-main	5.38.1-r0	None	possibly vulnerable
perl	3.21-main	5.34.0-r1	None	possibly vulnerable
perl	3.21-main	5.30.3-r0	None	possibly vulnerable
perl	3.21-main	5.26.3-r0	None	possibly vulnerable
perl	3.21-main	5.26.2-r1	None	possibly vulnerable
perl	3.21-main	5.26.2-r0	None	possibly vulnerable
perl	3.21-main	5.26.1-r0	None	possibly vulnerable
perl	3.20-main	5.38.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.20-main	5.38.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.20-main	5.38.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.20-main	5.38.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.20-main	5.38.1-r0	None	possibly vulnerable
perl	3.20-main	5.34.0-r1	None	possibly vulnerable
perl	3.20-main	5.30.3-r0	None	possibly vulnerable
perl	3.20-main	5.26.3-r0	None	possibly vulnerable
perl	3.20-main	5.26.2-r1	None	possibly vulnerable
perl	3.20-main	5.26.2-r0	None	possibly vulnerable
perl	3.20-main	5.26.1-r0	None	possibly vulnerable
perl	3.19-main	5.38.5-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.19-main	5.38.3-r1	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.19-main	5.38.3-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.19-main	5.38.2-r0	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
perl	3.19-main	5.38.1-r0	None	possibly vulnerable
perl	3.19-main	5.34.0-r1	None	possibly vulnerable
perl	3.19-main	5.30.3-r0	None	possibly vulnerable
perl	3.19-main	5.26.3-r0	None	possibly vulnerable
perl	3.19-main	5.26.2-r1	None	possibly vulnerable
perl	3.19-main	5.26.2-r0	None	possibly vulnerable
perl	3.19-main	5.26.1-r0	None	possibly vulnerable

Source package

Branch

Version

Maintainer

Status

References

Match rules

Vulnerable and fixed packages