CVE-2024-56406

HIGH Year: 2024
CVSS v3 Score
8.6
High
Weakness Type
CWE-122
View all →

Vulnerability Description

A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`. $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' Segmentation fault (core dumped) It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.

Related Vulnerabilities

CVE-2017-16717

HIGH
CVSS:8.6(High)

A Heap-based Buffer Overflow issue was discovered in WECON LeviStudio HMI. The heap-based buffer overflow vulnerability has been identified, which may allow remote code execution.

CWE-1222017

CVE-2021-21006

HIGH
CVSS:8.6(High)

Adobe Photoshop version 22.1 (and earlier) is affected by a heap buffer overflow vulnerability when handling a specially crafted font file. Successful exploitation could lead to arbitrary code executi...

CWE-1222021

CVE-2022-2601

HIGH
CVSS:8.6(High)

A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for ...

CWE-1222022

CVE-2024-20259

HIGH
CVSS:8.6(High)

A vulnerability in the DHCP snooping feature of Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload unexpectedly, resulting in a denial of servi...

CWE-1222024

CVE-2024-39825

HIGH
CVSS:8.5(High)

Buffer overflow in some Zoom Workplace Apps and Rooms Clients may allow an authenticated user to conduct an escalation of privilege via network access.

CWE-1222024