CVE-2024-56406
Published Apr 13, 2025
Last updated 2 days ago
AI description
CVE-2024-56406 is a heap buffer overflow vulnerability found in Perl. It affects release branches 5.34, 5.36, 5.38, and 5.40, including development versions from 5.33.1 through 5.41.10. The vulnerability occurs in the `S_do_trans_invmap` function when the left-hand side of the `tr` operator contains non-ASCII bytes. This can cause the destination pointer `d` to overflow. Applying updates to version 5.38.4 or 5.40.2 eliminates this vulnerability.
- Description
- A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.

  ```
  $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
  Segmentation fault (core dumped)
  ```

  It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
- Source
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- NVD status
- Awaiting Analysis
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- CWE-122
- Hype score
- Not currently trending
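
To triage hosts against the ranges in the description above, the following added example (not part of the advisory or of Perl itself) classifies a dotted Perl version string. The function name `cve_2024_56406_status` is hypothetical, and it assumes patch releases after 5.38.4 and 5.40.2 on the same branch keep the fix. Branches 5.34 and 5.36 are reported as affected because the page names no fixed release for them.

```shell
#!/bin/sh
# Added example: classify a Perl version against the ranges this page states
# for CVE-2024-56406 (affected 5.33.1 through 5.41.10; fixed in 5.38.4, 5.40.2).
# Assumption: later patch releases on the 5.38 and 5.40 branches keep the fix.

cve_2024_56406_status() {
    v=${1#v}                                  # accept "v5.40.1" or "5.40.1"
    # Reject anything that is not exactly three dot-separated numeric fields.
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) echo unparsed; return 0 ;;
    esac
    case $v in
        *.*.*.*) echo unparsed; return 0 ;;
        *.*.*)   ;;
        *)       echo unparsed; return 0 ;;
    esac
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}

    if [ "$major" -ne 5 ]; then
        echo not-in-affected-range; return 0
    fi
    # Older than 5.33.1 or newer than 5.41.10: outside the range on the page.
    if [ "$minor" -lt 33 ] || { [ "$minor" -eq 33 ] && [ "$patch" -lt 1 ]; } ||
       [ "$minor" -gt 41 ] || { [ "$minor" -eq 41 ] && [ "$patch" -gt 10 ]; }; then
        echo not-in-affected-range; return 0
    fi
    # Fixed releases named on the page, plus later patches on those branches.
    if { [ "$minor" -eq 38 ] && [ "$patch" -ge 4 ]; } ||
       { [ "$minor" -eq 40 ] && [ "$patch" -ge 2 ]; }; then
        echo fixed; return 0
    fi
    echo affected
}

# Check the interpreter on PATH, if there is one (%vd prints e.g. 5.40.1).
if command -v perl >/dev/null 2>&1; then
    installed=$(perl -e 'printf "%vd", $^V')
    echo "perl $installed: $(cve_2024_56406_status "$installed")"
fi
```

Distribution packages often backport fixes without changing the upstream version number, so an `affected` result for a vendor build should be confirmed against the vendor's own advisory.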
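Heap overflow vulnerability in Perl. CVE-2024-56406 manifests when there are non-ASCII characters on the left side of the tr operator. May result in DoS, or code execution if the system is not hardened. Fixed in version 5.40.2 or 5.38.4. https://t.co/DlLvXx7GA9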
@__kokumoto
14 Apr 2025
2228 Impressions
6 Retweets
28 Likes
3 Bookmarks
0 Replies
0 Quotes
CVE-2024-56406: Heap Overflow Vulnerability in Perl Threatens DoS and Code Execution A heap overflow flaw in Perl could lead to denial-of-service attacks or remote code execution, impacting countless systems. Patch now! https://t.co/haXGgilEd3 #Cybersecurity #Vulnerability
@adriananglin
14 Apr 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Alert🚨 CVE-2024-56406: Heap Overflow Vulnerability in Perl Threatens Denial of Service and Potential Code Execution 📊1.4M+ Services are found on the https://t.co/ysWb28Crld yearly. 🔗Hunter Link:https://t.co/FCagPgNegB 👇Query HUNTER : https://t.co/q9rtuGgxk7="Perl" FOFA : ht
@HunterMapping
14 Apr 2025
1780 Impressions
6 Retweets
33 Likes
11 Bookmarks
1 Reply
0 Quotes
CVE-2024-56406 04/13/2025 02:15:14 PM A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invma... https://t.co/dgSrC2qkTK
@CVETracker
13 Apr 2025
41 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2024-56406 ❓ 🏢 perl - perl 🏗️ 5.40.0 🔗 https://t.co/q1kav6f1mR 🔗 https://t.co/K21lAujtcU 🔗 https://t.co/Dj1TQfJcrw #CyberCron #VulnAlert #InfoSec https://t.co/45cj2rOt7s
@cybercronai
13 Apr 2025
48 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes https://t.co/M5wHss8z8t $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault First included in tag v5.33.1, fixed in 5.40.2 and 5.38.4
@oss_security
13 Apr 2025
10485 Impressions
10 Retweets
29 Likes
10 Bookmarks
2 Replies
5 Quotes
CVE-2024-56406 A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can over… https://t.co/YqteeKZVSW
@CVEnew
13 Apr 2025
778 Impressions
1 Retweet
4 Likes
1 Bookmark
0 Replies
0 Quotes