Source: perl
Version: 5.40.1-8
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi,

The following vulnerability was published for perl.

CVE-2026-12087[0]:
| Socket versions before 2.041 for Perl have an out-of-bounds heap
| read. In Socket.xs, pack_ip_mreq_source() checks the length of its
| source argument before the argument is read, so the check tests the
| byte length carried over from the preceding multiaddr argument
| instead. Both addresses occupy a 4-byte field, so a valid multiaddr
| lets a source of any length pass the check, and the source is then
| copied into the 4-byte imr_sourceaddr field with a fixed-size copy.
| A source shorter than 4 bytes is not rejected, and the copy reads up
| to 3 bytes past the end of its buffer. Calling
| pack_ip_mreq_source() with a source value shorter than 4 bytes
| copies adjacent heap memory into the returned packed structure.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-12087
    https://www.cve.org/CVERecord?id=CVE-2026-12087
[1] https://lists.security.metacpan.org/cve-announce/msg/41020451/

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
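The defect class the advisory describes (a length check that runs before the argument it is meant to validate has been read, so it tests a stale length) is easier to see in a small model. The following C is an added illustration written for this report; it is not the Socket.xs code and does not reproduce its API. The struct, the ADDR_LEN constant and the function names are assumptions chosen for the example. The first function only models the flawed check ordering and never copies anything; the second is the hardened shape, in which each argument is read and its own length is checked before any fixed-size copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Both addresses occupy a 4-byte field, as the advisory states. */
#define ADDR_LEN 4

/* Hypothetical stand-in for the two 4-byte fields of the packed structure. */
struct mreq_source_packed {
    uint8_t imr_multiaddr[ADDR_LEN];
    uint8_t imr_sourceaddr[ADDR_LEN];
};

/* Models the flawed ordering only: the check runs while `len` still holds
 * the multiaddr length, so a valid multiaddr lets a source of any length
 * pass. Returns 1 if the check would accept, 0 if it would reject.
 * No memory is copied here; this is a model of the control flow. */
int stale_check_accepts(size_t multiaddr_len, size_t source_len)
{
    size_t len = multiaddr_len;      /* set when multiaddr was read */

    if (len != ADDR_LEN)             /* meant to test source, tests multiaddr */
        return 0;

    len = source_len;                /* source is read only now ... */
    (void)len;                       /* ... and its length is never rechecked */
    return 1;                        /* a fixed ADDR_LEN copy would follow */
}

/* Hardened shape: validate each argument's own length before the copy.
 * Returns 0 on success, -1 on a NULL pointer or a length mismatch. */
int pack_ip_mreq_source_checked(const uint8_t *multiaddr, size_t multiaddr_len,
                                const uint8_t *source, size_t source_len,
                                struct mreq_source_packed *out)
{
    if (multiaddr == NULL || source == NULL || out == NULL)
        return -1;
    if (multiaddr_len != ADDR_LEN)
        return -1;
    if (source_len != ADDR_LEN)      /* the check the flawed ordering skips */
        return -1;

    memcpy(out->imr_multiaddr, multiaddr, ADDR_LEN);
    memcpy(out->imr_sourceaddr, source, ADDR_LEN);
    return 0;
}

/* Helper for checking results: packs (multiaddr, source) and returns the
 * byte at `idx` of imr_sourceaddr, or -1 if the hardened packer rejected. */
int packed_source_byte(const uint8_t *multiaddr, size_t multiaddr_len,
                       const uint8_t *source, size_t source_len, int idx)
{
    struct mreq_source_packed p;
    memset(&p, 0, sizeof p);
    if (pack_ip_mreq_source_checked(multiaddr, multiaddr_len,
                                    source, source_len, &p) != 0)
        return -1;
    if (idx < 0 || idx >= ADDR_LEN)
        return -1;
    return p.imr_sourceaddr[idx];
}

int main(void)
{
    /* Constructed sample inputs: a 4-byte multiaddr, a 3-byte and a 4-byte source. */
    const uint8_t multiaddr[ADDR_LEN] = {239, 1, 2, 3};
    const uint8_t short_source[3]      = {10, 0, 0};
    const uint8_t good_source[ADDR_LEN] = {10, 0, 0, 1};

    printf("stale check, 4-byte multiaddr, 3-byte source: accepts=%d\n",
           stale_check_accepts(sizeof multiaddr, sizeof short_source));
    printf("hardened packer, 3-byte source: rc=%d\n",
           pack_ip_mreq_source_checked(multiaddr, sizeof multiaddr,
                                       short_source, sizeof short_source, NULL));
    printf("hardened packer, 4-byte source: last byte=%d\n",
           packed_source_byte(multiaddr, sizeof multiaddr,
                              good_source, sizeof good_source, 3));
    return 0;
}
```

The practical check when reviewing a fix for this report is the ordering in the second function: the length comparison must sit after the read of the argument it guards and before the memcpy, and it must be a comparison against the field size that the copy actually uses.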

