CVE-2024-56406

8.4 HIGH

📋 TL;DR

A heap buffer overflow in Perl's tr (transliteration) operator. When the search list on the left-hand side of tr contains non-ASCII characters, the internal routine S_do_trans_invmap can write past the end of the destination buffer while transliterating the string. Crafted input to an affected script crashes the interpreter and, on platforms that lack memory-safety defences, may allow code execution. The 5.34, 5.36, 5.38 and 5.40 release branches are affected, along with development versions 5.33.1 through 5.41.10.

💻 Affected Systems

Products:
  • Perl programming language
Versions: 5.34.x, 5.36.x, 5.38.x before 5.38.4, 5.40.x before 5.40.2, and development versions 5.33.1 through 5.41.10
Operating Systems: All operating systems running affected Perl versions
Default Config Vulnerable: ⚠️ Yes
Notes: A script is exposed when it applies tr with non-ASCII characters in its search list to data an attacker controls. The overflow happens inside the transliteration itself, so no further condition is needed once such input reaches the operator; a tr whose search list is pure ASCII does not reach the affected path.

📦 What is this software?

Perl is a general-purpose scripting language shipped with nearly every Unix-like operating system and widely used for system administration, build and packaging tooling, CGI/FastCGI/PSGI web applications, and mail and log processing. Its tr operator maps each character of a string to another character and is common in input normalisation code, which is exactly where untrusted data tends to flow through it.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Code execution inside the affected Perl process on platforms without memory-safety defences such as ASLR and heap hardening; when the script runs as root or as a privileged service account, that is full system compromise.

🟠

Likely Case

Denial of service through application crashes when processing malicious input in Perl scripts.

🟢

If Mitigated

A fixed interpreter transliterates the input correctly. On an unpatched but hardened system (ASLR, glibc heap checks), the practical outcome is a crash of the Perl process; code execution is harder but not ruled out.

🌐 Internet-Facing: HIGH - Perl CGI, FastCGI or PSGI applications that apply tr to request data are reachable by unauthenticated attackers.
🏢 Internal Only: MEDIUM - Internal scripts that process untrusted data (mail, uploaded files, logs) remain exposed; if such a script runs with elevated privileges, a successful exploit yields those privileges.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: No public weaponized exploit known
Unauthenticated Exploit: ⚠️ Yes, wherever unauthenticated input reaches a vulnerable tr
Complexity: LOW

The crash trigger is published in the vendor advisory and is a single one-line command. Turning the overflow into code execution would need build-specific heap grooming and a bypass of the host's memory protections; no such exploit is public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.38.4 and 5.40.2, and all later releases. Upstream issued no fixed release for the end-of-life 5.34 and 5.36 branches; systems on those branches need a vendor build that backports the fix or an upgrade to a supported branch.

Vendor Advisory: https://metacpan.org/release/SHAY/perl-5.38.4/changes

Restart Required: Yes for long-running Perl processes (mod_perl, FastCGI/PSGI servers, daemons), which keep the old interpreter loaded until restarted; one-shot scripts use the new binary on their next run.

Instructions:

1. Update Perl with the system package manager, for example apt-get install --only-upgrade perl perl-base (Debian/Ubuntu) or yum update perl / dnf update perl (RHEL and derivatives).
2. For custom installations, download 5.38.4 or 5.40.2 (or later) from perl.org, rebuild and reinstall; do not forget secondary interpreters bundled with applications (container images, vendored toolchains, perlbrew or plenv builds).
3. Verify with perl -v. Distribution builds backport the fix without changing the reported version, so for a distro package check the package changelog or run the crash trigger from "How to Verify" rather than relying on the version string alone.
4. Restart any long-running Perl process so it loads the fixed interpreter.

🔧 Temporary Workarounds

Input validation for tr operator (platform: all)

The vulnerable path is reached when a tr with non-ASCII characters in its search list operates on attacker-controlled data. Until the interpreter is upgraded, either reject or strip non-ASCII bytes from untrusted input before it reaches such a tr, or replace that tr with an equivalent that does not use the operator (for example a hash lookup driven by s///). Capping input length only shortens the overrun; it does not remove the bug.

🧯 If You Can't Patch

  • Implement strict input validation for all Perl scripts that process untrusted data, rejecting non-ASCII bytes wherever the script does not genuinely need them
  • Use WAF rules to reject or size-limit request parameters and bodies with high densities of bytes 0x80-0xFF aimed at Perl endpoints; this is a crude filter that also blocks legitimate non-ASCII input, so scope it to the affected endpoints
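The two stop-gaps above, as an added Perl example (this is not code from the advisory or from the Perl project): an ASCII gate for scripts that only expect ASCII, and a hash-driven substitution that reproduces a plain tr/SEARCH/REPLACE/ without ever entering the tr code path. The function names, the 100,000-byte sample input and the single-character mapping are assumptions made for this example; the mapping mirrors the shape of the advisory's crash trigger.

```perl
#!/usr/bin/perl
# Added example (not part of the advisory): two stop-gaps for scripts that
# must keep running on an unpatched 5.33.1 - 5.41.10 interpreter. Both keep
# attacker-controlled data away from tr/// with a non-ASCII search list.
use strict;
use warnings;

# Stop-gap 1: gate. If the script only expects ASCII, refuse anything else
# before it reaches tr. A string that passes has no non-ASCII bytes, so the
# transliteration cannot expand it into UTF-8 and cannot overrun the buffer.
sub is_printable_ascii {
    my ($s) = @_;
    return $s !~ /[^\x09\x0A\x0D\x20-\x7E]/ ? 1 : 0;
}

# Stop-gap 2: replace. A hash-driven substitution with the same effect as a
# plain tr/SEARCH/REPLACE/ (no /c /d /s /r modifiers) that never enters the
# tr code path. Lists are arrayrefs of single characters (expand ranges such
# as a-z yourself); as with tr, a shorter REPLACE list is padded by repeating
# its last character, and the first mapping for a repeated SEARCH character
# wins. Returns the new string instead of modifying in place.
sub translit_safe {
    my ($s, $search, $replace) = @_;
    die "search list must not be empty\n"  unless @$search;
    die "replace list must not be empty\n" unless @$replace;
    my @rep = @$replace;
    push @rep, $rep[-1] while @rep < @$search;
    my %map;
    for my $i (0 .. $#$search) {
        $map{ $search->[$i] } //= $rep[$i];
    }
    (my $out = $s) =~ s/(.)/exists $map{$1} ? $map{$1} : $1/gse;
    return $out;
}

# Constructed input with the advisory's crash shape: non-ASCII bytes that a
# vulnerable tr/\xFF/\x{100}/ would expand into two-byte UTF-8 sequences.
my $untrusted = "\x{FF}" x 100_000;

printf "ascii gate: %s\n", is_printable_ascii($untrusted) ? "accepted" : "rejected";

# Instead of   $untrusted =~ tr/\xFF/\x{100}/;   (the vulnerable operator)
my $out = translit_safe($untrusted, ["\xFF"], ["\x{100}"]);
printf "translit: %d chars in, %d chars out, first char U+%04X\n",
    length($untrusted), length($out), ord(substr($out, 0, 1));
```

The substitution form is slower than tr, which is why the gate should be the first choice wherever ASCII-only input is acceptable; use the replacement only on the code paths that genuinely need non-ASCII transliteration, and remove it once the interpreter is upgraded.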

🔍 How to Verify

Check if Vulnerable:

Run: perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;' - if the interpreter dies with a segmentation fault (exit status 139 in a POSIX shell) or a glibc heap-corruption abort (exit status 134), the system is vulnerable. Run the command with every interpreter in use (/usr/bin/perl, perlbrew or plenv builds, interpreters bundled in containers), not only the one first on PATH.

Check Version:

perl -v | head -2

Verify Fix Applied:

Run the same test command; a fixed interpreter exits 0 with no output. Because vendors backport the fix without changing the version, this runtime test, not perl -v, is the authoritative check.
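A scripted form of the verification above, as an added example (not code from the advisory or from the Perl project): it classifies the running interpreter's version against the affected range and then runs the advisory's crash trigger in a child process, so a segfault kills the child rather than the checker. The exit codes, the message wording and the decision that a runtime pass outranks the version check are choices made for this example.

```perl
#!/usr/bin/perl
# Added example (not part of the advisory): decide whether the interpreter
# running this script is exposed to CVE-2024-56406. Version alone is not
# enough because distributions backport the fix without bumping the version,
# so the advisory's crash trigger is also run in a child process.
use strict;
use warnings;

# Affected range per the advisory: 5.33.1 .. 5.41.10, minus the fixed
# releases 5.38.4+ and 5.40.2+. $v is the numeric form used by $], e.g. 5.038004.
sub version_affected {
    my ($v) = @_;
    return 0 if $v < 5.033001 || $v > 5.041010;
    return 0 if $v >= 5.038004 && $v < 5.039;   # 5.38.4 and later 5.38.x
    return 0 if $v >= 5.040002 && $v < 5.041;   # 5.40.2 and later 5.40.x
    return 1;
}

# Run the advisory's trigger under the same interpreter ($^X) in a child, so
# a segfault kills the child and not this checker. Returns "crashed (...)",
# "ok" or "inconclusive:<detail>".
sub run_trigger {
    my $poc = '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/; exit 0';
    my $rc = system($^X, '-e', $poc);
    return "inconclusive:exec failed ($!)" if $rc == -1;
    my $sig = $? & 127;
    # SIGSEGV from the overrun, or SIGABRT when glibc's heap checks catch it first
    return "crashed (signal $sig)" if $sig;
    my $exit = $? >> 8;
    return $exit == 0 ? "ok" : "inconclusive:exit $exit";
}

printf "interpreter:    %s (perl %vd)\n", $^X, $^V;
my $by_version = version_affected($]);
printf "version check:  %s\n", $by_version ? "within affected range" : "outside affected range";

my $result = run_trigger();
printf "runtime check:  %s\n", $result;

if ($result =~ /^crashed/) {
    print "VULNERABLE: upgrade to 5.38.4 / 5.40.2 or a vendor build carrying the fix\n";
    exit 1;
} elsif ($result eq 'ok') {
    print "NOT VULNERABLE by runtime test",
          ($by_version ? " (version is in range, so this is likely a vendor backport)" : ""), "\n";
    exit 0;
} else {
    print "INCONCLUSIVE: $result\n";
    exit 2;
}
```

Run it once per interpreter on the host (for example /usr/bin/perl check.pl and ~/perl5/perlbrew/perls/perl-5.38.2/bin/perl check.pl); the trigger allocates a few megabytes and finishes in well under a second on a fixed build.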

📡 Detection & Monitoring

Log Indicators:

  • Segmentation fault reports for perl processes in kernel or syslog output (segfault at ... in libperl.so...)
  • glibc heap-corruption aborts from Perl processes (free(): invalid pointer, malloc(): corrupted top size, double free or corruption)
  • Web-server CGI errors such as Apache's "End of script output before headers" for Perl scripts
  • Unexpected restarts of Perl daemons or FastCGI/PSGI workers

Network Indicators:

  • HTTP requests to Perl-based endpoints whose parameters or bodies consist largely of bytes in the 0x80-0xFF range, especially long runs of the same byte

SIEM Query:

(source="/var/log/syslog" OR source="/var/log/messages" OR source="application.log") AND ("segfault" OR "segmentation fault" OR "free(): invalid pointer" OR "malloc(): corrupted") AND ("perl" OR "libperl")

Source and field names above are placeholders; substitute the ones your SIEM uses.
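The log indicators above turned into scanning logic, as an added example (not code from the advisory or from any SIEM vendor): it runs three patterns over syslog-style and Apache error-log lines and keeps only faults attributable to Perl. The sample lines are constructed for this example; hostnames, PIDs, addresses, the library version and the script name are made up, and the regular expressions assume the standard Linux kernel segfault report, glibc's heap-check messages and Apache 2.2/2.4 CGI error wording.

```perl
#!/usr/bin/perl
# Added example (not part of the advisory): detection logic for the crash
# signatures a tr/// heap overflow in a Perl process leaves behind. The log
# lines below are constructed for this example; hostnames, PIDs, addresses
# and the script name are made up.
use strict;
use warnings;

my @sample_log = (
    # kernel report of a perl process faulting inside libperl (error 6 = user-mode write fault)
    'Apr 14 10:02:11 web1 kernel: perl[20113]: segfault at 7f3c9a1f0000 ip 00007f3c98b2a1e4 sp 00007ffd1c2e1b40 error 6 in libperl.so.5.38.2[7f3c98a00000+1e0000]',
    # glibc heap-consistency check aborting the process before it segfaults
    'Apr 14 10:05:40 web1 perl[20240]: free(): invalid pointer',
    # Apache 2.4 CGI handler noticing the script died before printing headers
    '[Tue Apr 15 10:02:11.532 2025] [cgid:error] [pid 19988] [client 203.0.113.7:51321] End of script output before headers: normalize.pl',
    # unrelated noise that must not match
    'Apr 14 10:07:02 web1 sshd[20301]: Accepted publickey for deploy from 198.51.100.4 port 50212',
    'Apr 14 10:08:15 web1 kernel: python3[20455]: segfault at 0 ip 000055d2c1a0b3f0 sp 00007ffd9d3c0a10 error 4 in python3.11[55d2c1800000+300000]',
);

my $re_segfault  = qr/\b(\S+?)\[(\d+)\]: segfault at \S+ ip \S+ sp \S+ error (\d+) in (\S+?)\[/;
my $re_heapabort = qr/\b(\S+?)\[(\d+)\]: ((?:malloc|free|realloc)\(\): .+|double free or corruption.*)$/;
my $re_cgi       = qr/(?:End of script output before headers|Premature end of script headers): (\S+)/;

# Classify one line. Returns a hashref describing the finding, or nothing.
sub classify_line {
    my ($line) = @_;
    if ($line =~ $re_segfault) {
        my ($proc, $pid, $err, $obj) = ($1, $2, $3, $4);
        # only perl itself, or a fault inside libperl, is of interest here
        return unless $proc =~ /\bperl/ || $obj =~ /libperl/;
        return { kind => 'segfault', proc => $proc, pid => $pid,
                 object => $obj, write_fault => ($err & 2) ? 1 : 0 };
    }
    if ($line =~ $re_heapabort) {
        return { kind => 'heap_abort', proc => $1, pid => $2, detail => $3 };
    }
    if ($line =~ $re_cgi) {
        return { kind => 'cgi_death', script => $1 };
    }
    return;
}

# Scan a list of lines and return every finding, in order.
sub scan_lines {
    my @findings;
    for my $line (@_) {
        my $f = classify_line($line);
        push @findings, $f if $f;
    }
    return @findings;
}

my @hits = scan_lines(@sample_log);
printf "%d finding(s)\n", scalar @hits;
for my $h (@hits) {
    printf "  %-10s %s\n", $h->{kind},
        join ', ', map { "$_=$h->{$_}" } sort grep { $_ ne 'kind' } keys %$h;
}
```

On the constructed sample this reports three findings (the perl segfault, the glibc abort and the CGI death) and ignores the sshd and python3 lines. A write fault inside libperl is consistent with the overflow but also with any other heap bug, so correlate each hit with the web-server access log for the same second and look for the request shape described under Network Indicators before treating it as exploitation.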

🔗 References
