Security Advisories (30)

CVE-2011-2728 (2012-12-21)

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

CVE-2020-12723 (2020-06-05)

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

CVE-2020-10878 (2020-06-05)

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

CVE-2020-10543 (2020-06-05)

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

CVE-2018-6913 (2018-04-17)

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

CVE-2018-18314 (2018-12-07)

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18313 (2018-12-07)

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

CVE-2018-18312 (2018-12-05)

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2018-18311 (2018-12-07)

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

CVE-2015-8853 (2016-05-25)

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

CVE-2013-1667 (2013-03-14)

The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.

CVE-2010-4777 (2014-02-10)

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVE-2010-1158 (2010-04-20)

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVE-2009-3626 (2009-10-29)

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVE-2008-1927 (2008-04-24)

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

CVE-2005-3962 (2005-12-01)

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVE-2007-5116 (2007-11-07)

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

CVE-2012-5195 (2012-12-18)

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVE-2016-2381 (2016-04-08)

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

CVE-2013-7422 (2015-08-16)

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVE-2011-1487 (2011-04-11)

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.

CVE-1999-1386 (1999-12-31)

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

CVE-2023-47100

In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.

CVE-2024-56406 (2025-04-13)

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

CVE-1999-0034 (1997-05-29)

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

CVE-1999-0462 (1999-03-17)

suidperl in Linux Perl does not check the nosuid mount option on file systems, allowing local users to gain root access by placing a setuid script in a mountable file system, e.g. a CD-ROM or floppy disk.

http://www.securityfocus.com/bid/339

CVE-2000-0703 (2000-10-20)

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

CVE-2023-47039 (2023-10-30)

Perl for Windows relies on the system path environment variable to find the shell (cmd.exe). When running an executable which uses Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. An attacker with limited privileges can exploit this behavior by placing cmd.exe in locations with weak permissions, such as C:\ProgramData. By doing so, when an administrator attempts to use this executable from these compromised locations, arbitrary code can be executed.

CVE-2016-1238 (2016-08-02)

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

CVE-2015-8608 (2017-02-07)

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

NAME

pod2man - translate embedded Perl pod directives into man pages

SYNOPSIS

pod2man [ --section=manext ] [ --release=relpatch ] [ --center=string ] [ --date=string ] [ --fixed=font ] [ --official ] inputfile

DESCRIPTION

pod2man converts its input file containing embedded pod directives (see perlpod) into nroff source suitable for viewing with nroff(1) or troff(1) using the man(7) macro set.

Besides the obvious pod conversions, pod2man also takes care of func(), func(n), and simple variable references like $foo or @bar so you don't have to use code escapes for them; complex expressions like $fred{'stuff'} will still need to be escaped, though. Other nagging little roffish things that it catches include translating the minus in something like foo-bar, making a long dash--like this--into a real em dash, fixing up "paired quotes", putting a little space after the parens in something like func(), making C++ and PI look right, making double underbars have a little tiny space between them, making ALLCAPS a teeny bit smaller in troff(1), and escaping backslashes so you don't have to.

OPTIONS

center: Set the centered header to a specific string. The default is "User Contributed Perl Documentation", unless the --official flag is given, in which case the default is "Perl Programmers Reference Guide".
date: Set the left-hand footer string to this value. By default, the modification date of the input file will be used.
fixed: The fixed font to use for code refs. Defaults to CW.
official: Set the default header to indicate that this page is of the standard release in case --center is not given.
release: Set the centered footer. By default, this is the current perl release.
section: Set the section for the .TH macro. The standard conventions on sections are to use 1 for user commands, 2 for system calls, 3 for functions, 4 for devices, 5 for file formats, 6 for games, 7 for miscellaneous information, and 8 for administrator commands. This works best if you put your Perl man pages in a separate tree, like /usr/local/perl/man/. By default, section 1 will be used unless the file ends in .pm in which case section 3 will be selected.

Anatomy of a Proper Man Page

For those not sure of the proper layout of a man page, here's an example of the skeleton of a proper man page. Head of the major headers should be setout as a =head1 directive, and are historically written in the rather startling ALL UPPER CASE format, although this is not mandatory. Minor headers may be included using =head2, and are typically in mixed case.

NAME

Mandatory section; should be a comma-separated list of programs or functions documented by this podpage, such as:

foo, bar - programs to do something

SYNOPSIS

A short usage summary for programs and functions, which may someday be deemed mandatory.

DESCRIPTION

Long drawn out discussion of the program. It's a good idea to break this up into subsections using the =head2 directives, like

=head2 A Sample Subection

=head2 Yet Another Sample Subection

OPTIONS

Some people make this separate from the description.

RETURN VALUE

What the program or function returns if successful.

ERRORS

Exceptions, return codes, exit stati, and errno settings.

EXAMPLES

Give some example uses of the program.

ENVIRONMENT

Envariables this program might care about.

FILES

All files used by the program. You should probably use the F<> for these.

SEE ALSO

Other man pages to check out, like man(1), man(7), makewhatis(8), or catman(8).

NOTES

Miscellaneous commentary.

CAVEATS

Things to take special care with; sometimes called WARNINGS.

DIAGNOSTICS

All possible messages the program can print out--and what they mean.

BUGS

Things that are broken or just don't work quite right.

RESTRICTIONS

Bugs you don't plan to fix :-)

AUTHOR

Who wrote it (or AUTHORS if multiple).

HISTORY

Programs derived from other sources sometimes have this, or you might keep a modification log here.

EXAMPLES

pod2man program > program.1
pod2man some_module.pm > /usr/perl/man/man3/some_module.3
pod2man --section=7 note.pod > note.7

DIAGNOSTICS

The following diagnostics are generated by pod2man. Items marked "(W)" are non-fatal, whereas the "(F)" errors will cause pod2man to immediately exit with a non-zero status.

bad option in paragraph %d of %s: ``%s'' should be [%s]<%s>: (W) If you start include an option, you should set it off as bold, italic, or code.
can't open %s: %s: (F) The input file wasn't available for the given reason.
Improper man page - no dash in NAME header in paragraph %d of %s: (W) The NAME header did not have an isolated dash in it. This is considered important.
Invalid man page - no NAME line in %s: (F) You did not include a NAME header, which is essential.
roff font should be 1 or 2 chars, not `%s' (F): (F) The font specified with the --fixed option was not a one- or two-digit roff font.
%s is missing required section: %s: (W) Required sections include NAME, DESCRIPTION, and if you're using a section starting with a 3, also a SYNOPSIS. Actually, not having a NAME is a fatal.
Unknown escape: %s in %s: (W) An unknown HTML entity (probably for an 8-bit character) was given via a E<> directive. Besides amp, lt, gt, and quot, recognized entities are Aacute, aacute, Acirc, acirc, AElig, aelig, Agrave, agrave, Aring, aring, Atilde, atilde, Auml, auml, Ccedil, ccedil, Eacute, eacute, Ecirc, ecirc, Egrave, egrave, ETH, eth, Euml, euml, Iacute, iacute, Icirc, icirc, Igrave, igrave, Iuml, iuml, Ntilde, ntilde, Oacute, oacute, Ocirc, ocirc, Ograve, ograve, Oslash, oslash, Otilde, otilde, Ouml, ouml, szlig, THORN, thorn, Uacute, uacute, Ucirc, ucirc, Ugrave, ugrave, Uuml, uuml, Yacute, yacute, and yuml.
Unmatched =back: (W) You have a =back without a corresponding =over.
Unrecognized pod directive: %s: (W) You specified a pod directive that isn't in the known list of =head1, =head2, =item, =over, =back, or =cut.

NOTES

If you would like to print out a lot of man page continuously, you probably want to set the C and D registers to set contiguous page numbering and even/odd paging, at least on some versions of man(7). Settting the F register will get you some additional experimental indexing:

troff -man -rC1 -rD1 -rF1 perl.1 perldata.1 perlsyn.1 ...

The indexing merely outputs messages via .tm for each major page, section, subsection, item, and any X<> directives.

RESTRICTIONS

None at this time.

BUGS

The =over and =back directives don't really work right. They take absolute positions instead of offsets, don't nest well, and making people count is suboptimal in any event.

AUTHORS

Original prototype by Larry Wall, but so massively hacked over by Tom Christiansen such that Larry probably doesn't recognize it anymore.

To install lib, copy and paste the appropriate command in to your terminal.

cpanm

cpanm lib

CPAN shell

perl -MCPAN -e shell
install lib

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)