Description
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack.

S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds.

A template derived from untrusted input can read heap memory past the buffer and return it to the caller.
Published: 2026-07-13
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Solution

Apply the upstream patches. The fix is included in the Perl 5.43.11 development release.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 13 Jul 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Shay
Shay perl
Vendors & Products Shay
Shay perl

Mon, 13 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Description Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack. S_measure_struct adds each item's size times its repeat count to a running total with no overflow check, so a large repeat count in a pack or unpack template wraps the signed SSize_t total negative. The @, X, and x position codes then guard their moves with a signed length comparison that passes when the length is negative, advancing the buffer pointer out of bounds. A template derived from untrusted input can read heap memory past the buffer and return it to the caller.
Title Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack
Weaknesses CWE-125
CWE-190
References

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-07-13T19:30:46.712Z

Reserved: 2026-06-24T13:09:26.322Z

Link: CVE-2026-57432

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-13T17:30:04Z

Weaknesses