{"id":"AZL-60384","summary":"CVE-2024-56406 affecting package perl for versions less than 5.34.1-490","details":"A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n   $ perl -e '$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;' \n   Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.","modified":"2026-04-01T05:19:37.293046Z","published":"2025-04-13T14:15:14Z","upstream":["CVE-2024-56406"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-56406"}],"affected":[{"package":{"name":"perl","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/perl"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.34.1-490"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60384.json"}}],"schema_version":"1.7.5"}