FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-10-10 08:58:57 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
72bfbb09-5a6a-11e6-a6c3-14dae9d210b8	perl -- local arbitrary code execution Sawyer X reports: Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory. Discovery 2016-07-21 Entry 2016-08-04 Modified 2016-08-22 perl5 perl5.18 perl5.20 perl5.22 perl5.24 perl5-devel < 5.18.4_23 >= 5.20 lt 5.20.3_14 >= 5.21 lt 5.22.3.r2 >= 5.23 lt 5.24.1.r2 >= 5.25 lt 5.25.3.18 perl >= 0 http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html CVE-2016-1238
a380f43e-19e5-11f0-9568-b42e991fc52e	Perl -- heap buffer overflow when transliterating non-ASCII bytes 9b29abf9-4ab0-4765-b253-1875cd9b441e reports: A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. Discovery 2025-04-13 Entry 2025-04-15 perl5.36 < 5.36.3 perl5.38 < 5.38.4 perl5.40 < 5.40.2 perl5-devel < 5.41.10 CVE-2024-56406 https://nvd.nist.gov/vuln/detail/CVE-2024-56406

VuXML ID

Description

72bfbb09-5a6a-11e6-a6c3-14dae9d210b8

perl -- local arbitrary code execution

Sawyer X reports:

Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Discovery 2016-07-21
Entry 2016-08-04
Modified 2016-08-22
perl5
perl5.18
perl5.20
perl5.22
perl5.24
perl5-devel

< 5.18.4_23

>= 5.20 lt 5.20.3_14

>= 5.21 lt 5.22.3.r2

>= 5.23 lt 5.24.1.r2

>= 5.25 lt 5.25.3.18

perl

>= 0

http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
CVE-2016-1238

a380f43e-19e5-11f0-9568-b42e991fc52e

Perl -- heap buffer overflow when transliterating non-ASCII bytes

9b29abf9-4ab0-4765-b253-1875cd9b441e reports:

A heap buffer overflow vulnerability was discovered in Perl. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

Discovery 2025-04-13
Entry 2025-04-15
perl5.36

< 5.36.3

perl5.38

< 5.38.4

perl5.40

< 5.40.2

perl5-devel

< 5.41.10

CVE-2024-56406
https://nvd.nist.gov/vuln/detail/CVE-2024-56406