Search

Find a vulnerability

Search criteria

    4 vulnerabilities by SHLOMIF

    CVE-2026-11527 (GCVE-0-2026-11527)

    Vulnerability from nvd – Published: 2026-06-14 11:40 – Updated: 2026-06-19 20:31
    VLAI
    Title
    Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle
    Summary
    Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a redirect ("> path", ">> path") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file => $thing) reaches it through ReadConfig. An in-memory scalar reference (-file => \$text) does not open a path and is unaffected. Any caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    SHLOMIF Config::IniFiles Affected: 0 , < 3.001000 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-19T20:31:36.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/14/5"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T18:52:43.717589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T19:25:43.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Config-IniFiles",
              "product": "Config::IniFiles",
              "programFiles": [
                "lib/Config/IniFiles.pm"
              ],
              "programRoutines": [
                {
                  "name": "Config::IniFiles::_make_filehandle"
                }
              ],
              "repo": "https://github.com/shlomif/perl-Config-IniFiles",
              "vendor": "SHLOMIF",
              "versions": [
                {
                  "lessThan": "3.001000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle.\n\nConfig::IniFiles::_make_filehandle opens a filename argument with Perl\u0027s 2-arg open(), so a filename that begins or ends with a pipe (\"| cmd\", \"cmd |\") or begins with a redirect (\"\u003e path\", \"\u003e\u003e path\") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file =\u003e $thing) reaches it through ReadConfig. An in-memory scalar reference (-file =\u003e \\$text) does not open a path and is unaffected.\n\nAny caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-14T11:40:45.634Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/shlomif/perl-Config-IniFiles/commit/3e48f9627fbba4dae5de35be1f735cdeb7e47fb8.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHLOMIF/Config-IniFiles-3.001000/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Config::IniFiles 3.001000 or later, which opens the -file argument with a 3-arg read open so the filename is never interpreted as a command or redirect."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle",
          "workarounds": [
            {
              "lang": "en",
              "value": "For deployments that cannot upgrade to 3.001000, do not pass untrusted input as the -file argument. Callers can open the file themselves and pass the resulting filehandle, or pass the configuration as an in-memory scalar reference, which bypasses the affected string path."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-11527",
        "datePublished": "2026-06-14T11:40:45.634Z",
        "dateReserved": "2026-06-07T19:33:54.590Z",
        "dateUpdated": "2026-06-19T20:31:36.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8177 (GCVE-0-2026-8177)

    Vulnerability from nvd – Published: 2026-05-10 20:48 – Updated: 2026-07-15 13:48
    VLAI
    Title
    XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
    Summary
    XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SHLOMIF XML::LibXML Affected: 0 , ≤ 2.0210 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 1:2.0210-4.el10_2.1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.0206-5.el9_8.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-11T16:53:25.716Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/10/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/11/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T16:34:46.706997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T16:35:55.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1:2.0210-4.el10_2.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1:2.0206-5.el9_8.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unknown",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhcos",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-10T20:48:51.816Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and resulting in a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:48:09.918Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-8177"
              },
              {
                "name": "RHBZ#2468684",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468684"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8177.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:39547"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:39878"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:39553"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:39547: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:39878: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:39553: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-10T22:00:53.601Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-10T20:48:51.816Z",
                "value": "Made public."
              }
            ],
            "title": "perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "XML-LibXML",
              "product": "XML::LibXML",
              "programFiles": [
                "dom.c"
              ],
              "repo": "https://github.com/cpan-authors/XML-LibXML",
              "vendor": "SHLOMIF",
              "versions": [
                {
                  "lessThanOrEqual": "2.0210",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences.\n\nA node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory.\n\nAny Perl process that passes attacker controlled strings to XML::LibXML\u0027s DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-10T23:33:30.265Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/cpan-authors/XML-LibXML/issues/146"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/cpan-authors/XML-LibXML/pull/149"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/cpan-authors/XML-LibXML/commit/15652bd905a6c9dda59a81b14d4766adbbae2ea8.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to a future XML::LibXML release, or apply the upstream patch."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-08T00:00:00.000Z",
              "value": "Patch submitted in upstream PR."
            }
          ],
          "title": "XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8177",
        "datePublished": "2026-05-10T20:48:51.816Z",
        "dateReserved": "2026-05-08T15:36:17.532Z",
        "dateUpdated": "2026-07-15T13:48:09.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-11527 (GCVE-0-2026-11527)

    Vulnerability from cvelistv5 – Published: 2026-06-14 11:40 – Updated: 2026-06-19 20:31
    VLAI
    Title
    Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle
    Summary
    Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle. Config::IniFiles::_make_filehandle opens a filename argument with Perl's 2-arg open(), so a filename that begins or ends with a pipe ("| cmd", "cmd |") or begins with a redirect ("> path", ">> path") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file => $thing) reaches it through ReadConfig. An in-memory scalar reference (-file => \$text) does not open a path and is unaffected. Any caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID.
    SSVC
    Exploitation: none Automatable: no Technical Impact: total
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
    • CWE-73 - External Control of File Name or Path
    Assigner
    Impacted products
    Vendor Product Version
    SHLOMIF Config::IniFiles Affected: 0 , < 3.001000 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-06-19T20:31:36.704Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/06/14/5"
              },
              {
                "url": "https://lists.debian.org/debian-lts-announce/2026/06/msg00026.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8.6,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "NONE",
                  "scope": "CHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-11527",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-06-15T18:52:43.717589Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-06-15T19:25:43.977Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "Config-IniFiles",
              "product": "Config::IniFiles",
              "programFiles": [
                "lib/Config/IniFiles.pm"
              ],
              "programRoutines": [
                {
                  "name": "Config::IniFiles::_make_filehandle"
                }
              ],
              "repo": "https://github.com/shlomif/perl-Config-IniFiles",
              "vendor": "SHLOMIF",
              "versions": [
                {
                  "lessThan": "3.001000",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle.\n\nConfig::IniFiles::_make_filehandle opens a filename argument with Perl\u0027s 2-arg open(), so a filename that begins or ends with a pipe (\"| cmd\", \"cmd |\") or begins with a redirect (\"\u003e path\", \"\u003e\u003e path\") is run as a command or redirect rather than opened as a file. The helper is the open path behind the documented -file argument: new(-file =\u003e $thing) reaches it through ReadConfig. An in-memory scalar reference (-file =\u003e \\$text) does not open a path and is unaffected.\n\nAny caller that forwards untrusted input to the -file argument can run an arbitrary command or truncate a file under the process UID."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-78",
                  "description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            },
            {
              "descriptions": [
                {
                  "cweId": "CWE-73",
                  "description": "CWE-73 External Control of File Name or Path",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-06-14T11:40:45.634Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/shlomif/perl-Config-IniFiles/commit/3e48f9627fbba4dae5de35be1f735cdeb7e47fb8.patch"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/SHLOMIF/Config-IniFiles-3.001000/changes"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to Config::IniFiles 3.001000 or later, which opens the -file argument with a 3-arg read open so the filename is never interpreted as a command or redirect."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Config::IniFiles versions before 3.001000 for Perl allow OS command injection and file overwrite via a 2-arg open() of the -file argument in _make_filehandle",
          "workarounds": [
            {
              "lang": "en",
              "value": "For deployments that cannot upgrade to 3.001000, do not pass untrusted input as the -file argument. Callers can open the file themselves and pass the resulting filehandle, or pass the configuration as an in-memory scalar reference, which bypasses the affected string path."
            }
          ],
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-11527",
        "datePublished": "2026-06-14T11:40:45.634Z",
        "dateReserved": "2026-06-07T19:33:54.590Z",
        "dateUpdated": "2026-06-19T20:31:36.704Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-8177 (GCVE-0-2026-8177)

    Vulnerability from cvelistv5 – Published: 2026-05-10 20:48 – Updated: 2026-07-15 13:48
    VLAI
    Title
    XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences
    Summary
    XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory. Any Perl process that passes attacker controlled strings to XML::LibXML's DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    SHLOMIF XML::LibXML Affected: 0 , ≤ 2.0210 (custom)
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 10 Unaffected: 1:2.0210-4.el10_2.1 , < * (rpm)
        cpe:/o:redhat:enterprise_linux:10.2
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 9 Unaffected: 1:2.0206-5.el9_8.1 , < * (rpm)
        cpe:/a:redhat:enterprise_linux:9
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 6     cpe:/o:redhat:enterprise_linux:6
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 7     cpe:/o:redhat:enterprise_linux:7
    Create a notification for this product.
    Red Hat Red Hat Enterprise Linux 8     cpe:/o:redhat:enterprise_linux:8
    Create a notification for this product.
    Red Hat Red Hat OpenShift Container Platform 4     cpe:/a:redhat:openshift:4
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-05-11T16:53:25.716Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/10/8"
              },
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/05/11/2"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-8177",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-05-11T16:34:46.706997Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-05-11T16:35:55.120Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "affected": [
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:10.2"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 10",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1:2.0210-4.el10_2.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:enterprise_linux:9"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 9",
                "vendor": "Red Hat",
                "versions": [
                  {
                    "lessThan": "*",
                    "status": "unaffected",
                    "version": "1:2.0206-5.el9_8.1",
                    "versionType": "rpm"
                  }
                ]
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:6"
                ],
                "defaultStatus": "unknown",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 6",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:7"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 7",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/o:redhat:enterprise_linux:8"
                ],
                "defaultStatus": "affected",
                "packageName": "perl-XML-LibXML",
                "product": "Red Hat Enterprise Linux 8",
                "vendor": "Red Hat"
              },
              {
                "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
                "cpes": [
                  "cpe:/a:redhat:openshift:4"
                ],
                "defaultStatus": "unaffected",
                "packageName": "rhcos",
                "product": "Red Hat OpenShift Container Platform 4",
                "vendor": "Red Hat"
              }
            ],
            "datePublic": "2026-05-10T20:48:51.816Z",
            "descriptions": [
              {
                "lang": "en",
                "value": "A flaw was found in XML::LibXML for Perl. A remote attacker could exploit this vulnerability when processing specially crafted XML node names containing incomplete UTF-8 character sequences. This can lead to an out-of-bounds read in heap memory, potentially causing the application to crash and resulting in a denial of service."
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "namespace": "https://access.redhat.com/security/updates/classification/",
                    "value": "Important"
                  },
                  "type": "Red Hat severity rating"
                }
              },
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                },
                "format": "CVSS"
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-125",
                    "description": "Out-of-bounds Read",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T13:48:09.918Z",
              "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
              "shortName": "redhat-SADP"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/security/cve/CVE-2026-8177"
              },
              {
                "name": "RHBZ#2468684",
                "tags": [
                  "issue-tracking",
                  "x_refsource_REDHAT"
                ],
                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2468684"
              },
              {
                "tags": [
                  "x_sadp-csaf-vex"
                ],
                "url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-8177.json"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:39547"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:39878"
              },
              {
                "tags": [
                  "vendor-advisory",
                  "x_refsource_REDHAT"
                ],
                "url": "https://access.redhat.com/errata/RHSA-2026:39553"
              }
            ],
            "solutions": [
              {
                "lang": "en",
                "value": "RHSA-2026:39547: Red Hat Enterprise Linux AppStream (v. 10)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:39878: Red Hat Enterprise Linux AppStream (v. 8)"
              },
              {
                "lang": "en",
                "value": "RHSA-2026:39553: Red Hat Enterprise Linux AppStream (v. 9)"
              }
            ],
            "timeline": [
              {
                "lang": "en",
                "time": "2026-05-10T22:00:53.601Z",
                "value": "Reported to Red Hat."
              },
              {
                "lang": "en",
                "time": "2026-05-10T20:48:51.816Z",
                "value": "Made public."
              }
            ],
            "title": "perl-XML-LibXML: XML::LibXML: Denial of Service via truncated UTF-8 in XML node names",
            "workarounds": [
              {
                "lang": "en",
                "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
              }
            ],
            "x_adpType": "supplier",
            "x_generator": {
              "engine": "sadp-cli 1.0.0"
            }
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "XML-LibXML",
              "product": "XML::LibXML",
              "programFiles": [
                "dom.c"
              ],
              "repo": "https://github.com/cpan-authors/XML-LibXML",
              "vendor": "SHLOMIF",
              "versions": [
                {
                  "lessThanOrEqual": "2.0210",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences.\n\nA node name ending in the middle of a multi byte UTF-8 sequence causes the parser to read past the end of the input string into adjacent heap memory.\n\nAny Perl process that passes attacker controlled strings to XML::LibXML\u0027s DOM node-name methods can reach this path on the default API. The likely consequence is a crash, causing denial of service."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-125",
                  "description": "CWE-125 Out-of-bounds Read",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-05-10T23:33:30.265Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/cpan-authors/XML-LibXML/issues/146"
            },
            {
              "tags": [
                "issue-tracking"
              ],
              "url": "https://github.com/cpan-authors/XML-LibXML/pull/149"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/cpan-authors/XML-LibXML/commit/15652bd905a6c9dda59a81b14d4766adbbae2ea8.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to a future XML::LibXML release, or apply the upstream patch."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "timeline": [
            {
              "lang": "en",
              "time": "2026-05-08T00:00:00.000Z",
              "value": "Patch submitted in upstream PR."
            }
          ],
          "title": "XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-8177",
        "datePublished": "2026-05-10T20:48:51.816Z",
        "dateReserved": "2026-05-08T15:36:17.532Z",
        "dateUpdated": "2026-07-15T13:48:09.918Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }