Back to overview

CVE-2026-12087

Description
Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

Metadata

CVE ID
CVE-2026-12087
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-06-12 13:29 UTC
Published
2026-06-15 21:11 UTC
Last updated
2026-06-15 23:33 UTC
Primary CWE
CWE-125
CWE-125 Out-of-bounds Read
Vendor / Product
PEVANS / Socket
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
PEVANS Socket 0 < 2.041
Weakness (CWE)
CWESourceDescription
CWE-125 cna CWE-125 Out-of-bounds Read
CWE-805 cna CWE-805 Buffer Access with Incorrect Length Value
References (2)
Back to overview