Integer Overflow Vulnerability in Perl Software by Perl Development Group
CVE-2026-57432

Currently unrated

Key Information:

Vendor

Shay

Status
Vendor
CVE Published:
13 July 2026

What is CVE-2026-57432?

An integer overflow vulnerability has been identified in Perl versions prior to 5.43.10, originating from the S_measure_struct function. This flaw occurs when the total size calculation of items does not include an overflow check, allowing a large repeat count to cause a negative wrap in the signed SSize_t total. As a result, the risk is that the @, X, and x position codes, which depend on a signed length, may actually proceed with a negative length, leading to out-of-bounds behavior. Consequently, this can enable an attacker to exploit the system by reading memory content beyond the allocated buffer through an improperly crafted template derived from untrusted input.

Affected Version(s)

perl 0 <= 5.43.10

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.