{"schema_version":"1.7.2","id":"OESA-2026-2843","modified":"2026-07-06T06:27:50Z","published":"2026-07-06T06:27:50Z","upstream":["CVE-2026-12087"],"summary":"perl security update","details":"Perl 5 is a highly capable, feature-rich programming language with over 30 years of development. Perl 5 runs on over 100 platforms from portables to mainframes and is suitable for both rapid prototyping and large scale development projects.\r\n\r\nSecurity Fix(es):\n\nSocket versions before 2.041 for Perl have an out-of-bounds heap read.\n\nIn Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.\n\nCalling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.(CVE-2026-12087)","affected":[{"package":{"ecosystem":"openEuler:22.03-LTS-SP4","name":"perl","purl":"pkg:rpm/openEuler/perl&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.34.0-16.oe2203sp4"}]}],"ecosystem_specific":{"aarch64":["perl-5.34.0-16.oe2203sp4.aarch64.rpm","perl-debuginfo-5.34.0-16.oe2203sp4.aarch64.rpm","perl-debugsource-5.34.0-16.oe2203sp4.aarch64.rpm","perl-devel-5.34.0-16.oe2203sp4.aarch64.rpm","perl-libs-5.34.0-16.oe2203sp4.aarch64.rpm"],"noarch":["perl-help-5.34.0-16.oe2203sp4.noarch.rpm"],"src":["perl-5.34.0-16.oe2203sp4.src.rpm"],"x86_64":["perl-5.34.0-16.oe2203sp4.x86_64.rpm","perl-debuginfo-5.34.0-16.oe2203sp4.x86_64.rpm","perl-debugsource-5.34.0-16.oe2203sp4.x86_64.rpm","perl-devel-5.34.0-16.oe2203sp4.x86_64.rpm","perl-libs-5.34.0-16.oe2203sp4.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2843"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-12087"}],"database_specific":{"severity":"Critical"}}
