Back to overview

CVE-2026-57432

Description
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.

Metadata

CVE ID
CVE-2026-57432
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-06-24 13:09 UTC
Published
2026-07-13 15:38 UTC
Last updated
2026-07-13 19:30 UTC
Primary CWE
CWE-190
CWE-190 Integer Overflow or Wraparound
Vendor / Product
SHAY / perl
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
SHAY perl 0 ≤ 5.43.10
Weakness (CWE)
CWESourceDescription
CWE-125 cna CWE-125 Out-of-bounds Read
CWE-190 cna CWE-190 Integer Overflow or Wraparound
Back to overview