#cve_2024_56406

:mastodon: decio⚠️ Alerte sécurité <a href="https://infosec.exchange/tags/Perl" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Perl</a> – CVE-2024-56406Si vous avez une solution ou un site exposé sur Internet avec Perl (v5.34 à v5.40), prenez 1 min pour lire ceci ⬇️ Une faille heap buffer overflow dans l’opérateur tr/// permet de planter Perl via une simple ligne de code : ⬇️ <blockquote>perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'</blockquote>➡️ Risque d'attaque opportuniste par déni de service🎯 Possiblement à risque si exposés:<ul><li>Portails d'hébergements mutualisés </li><li>Scripts Perl manipulant des entrées utilisateur</li><li>Stacks locales (ex : XAMPP) </li></ul>🔒 Pour se protéger :Mettez à jour en 5.40.2 ( <a href="https://metacpan.org/release/SHAY/perl-5.40.2/changes" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://metacpan.org/release/SHAY/perl-5.40.2/changes</a>) ou 5.38.4 (<a href="https://metacpan.org/release/SHAY/perl-5.38.4/changes" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://metacpan.org/release/SHAY/perl-5.38.4/changes</a>)cPanel ⬇️ <a href="https://docs.cpanel.net/changelogs/110-change-log/#110058" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://docs.cpanel.net/changelogs/110-change-log/#110058</a><a href="https://infosec.exchange/tags/CyberVeille" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberVeille</a> <a href="https://infosec.exchange/tags/cve_2024_56406" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve_2024_56406</a>

Harry SintonenCVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes."When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap() can overflow the destination pointer d.It is believed that this vulnerability can enable Denial of Service or Arbitrary Code Execution attacks on platforms that lack sufficient defenses."ref: <a href="https://www.openwall.com/lists/oss-security/2025/04/13/3" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.openwall.com/lists/oss-security/2025/04/13/3</a><a href="https://metacpan.org/release/SHAY/perl-5.40.2/changes" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://metacpan.org/release/SHAY/perl-5.40.2/changes</a>It's suggested releases from v5.33.1 to v5.41.10 are affected: <a href="https://www.openwall.com/lists/oss-security/2025/04/13/4" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.openwall.com/lists/oss-security/2025/04/13/4</a><a href="https://infosec.exchange/tags/cve_2024_56406" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cve_2024_56406</a>

Recent searches

Search options

Administered by:

Server stats: