Security Advisories (1)

CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

NAME

libnetcfg - configure libnet

DESCRIPTION

The libnetcfg utility can be used to configure the libnet. Starting from perl 5.8 libnet is part of the standard Perl distribution, but the libnetcfg can be used for any libnet installation.

USAGE

Without arguments libnetcfg displays the current configuration.

$ libnetcfg
# old config ./libnet.cfg
daytime_hosts        ntp1.none.such
ftp_int_passive      0
ftp_testhost         ftp.funet.fi
inet_domain          none.such
nntp_hosts           nntp.none.such
ph_hosts             
pop3_hosts           pop.none.such
smtp_hosts           smtp.none.such
snpp_hosts           
test_exist           1
test_hosts           1
time_hosts           ntp.none.such
# libnetcfg -h for help
$

It tells where the old configuration file was found (if found).

The -h option will show a usage message.

To change the configuration you will need to use either the -c or the -d options.

The default name of the old configuration file is by default "libnet.cfg", unless otherwise specified using the -i option, -i oldfile, and it is searched first from the current directory, and then from your module path.

The default name of the new configuration file is "libnet.cfg", and by default it is written to the current directory, unless otherwise specified using the -o option, -o newfile.

AUTHORS

Graham Barr, the original Configure script of libnet.

Jarkko Hietaniemi, conversion into libnetcfg for inclusion into Perl 5.8.

To install less, copy and paste the appropriate command in to your terminal.

cpanm

cpanm less

CPAN shell

perl -MCPAN -e shell
install less

For more information on module installation, please visit the detailed CPAN module installation guide.

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	Go to GitHub issues (only if GitHub is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)

NAME

DESCRIPTION

USAGE

SEE ALSO

AUTHORS

Module Install Instructions

Keyboard Shortcuts