Heap Buffer Overflow in Perl Affects 32-bit Builds
CVE-2026-8376
Currently unrated
What is CVE-2026-8376?
A heap buffer overflow vulnerability exists in Perl versions through 5.43.10 when compiling regular expressions with a repeated fixed string on 32-bit builds. The flaw is in the Perl_study_chunk function in regcomp_study.c, which checks the size of the joined substring buffer in characters instead of bytes. The resulting allocation can be undersized, so an attacker can craft a malicious regular expression that triggers a heap buffer overflow during compilation. Exploitation can compromise the stability and security of applications using the vulnerable version of Perl.
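The class of defect described above, as an added example (a simplified model, not Perl's source and not code from this advisory): a size guard evaluated in characters while the allocation is sized in bytes, next to a guard on the byte count. The function names, the `JOIN_LIMIT` bound, the sample values and the use of `uint32_t` to stand in for a 32-bit `size_t` are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not Perl source. size32 stands in for size_t on a
 * 32-bit build so the wraparound is reproducible on any host. */
typedef uint32_t size32;

/* Hypothetical upper bound on a joined substring (assumption). */
#define JOIN_LIMIT 0x7fffffffu

/* Flawed pattern: the guard counts characters, the allocation counts bytes.
 * With a multi-byte encoding the guard passes while bytes * count wraps. */
static bool flawed_join_size(size32 chars, size32 bytes, size32 count, size32 *out)
{
    if (chars != 0 && count > JOIN_LIMIT / chars)
        return false;
    *out = bytes * count;   /* modulo 2^32: may be far too small */
    return true;
}

/* Corrected pattern: bound the same quantity that sizes the buffer. */
static bool checked_join_size(size32 bytes, size32 count, size32 *out)
{
    if (bytes != 0 && count > JOIN_LIMIT / bytes)
        return false;
    *out = bytes * count;   /* cannot wrap: product <= JOIN_LIMIT */
    return true;
}

/* Bytes the join really needs, computed without truncation. */
static uint64_t needed_bytes(size32 bytes, size32 count)
{
    return (uint64_t)bytes * count;
}

int main(void)
{
    /* Constructed values: one 3-byte character repeated 0x55555556 times. */
    size32 chars = 1, bytes = 3, count = 0x55555556u, sz = 0;

    if (flawed_join_size(chars, bytes, count, &sz))
        printf("flawed: allocates %u, needs %llu\n", (unsigned)sz,
               (unsigned long long)needed_bytes(bytes, count));
    printf("checked: %s\n",
           checked_join_size(bytes, count, &sz) ? "accepted" : "rejected");
    return 0;
}
```

On a 64-bit build the same byte product does not wrap, which is consistent with the advisory limiting the issue to 32-bit builds.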
Affected Version(s)
perl: 0 through 5.43.10 (inclusive)
