CVE-2026-8376

CRITICAL

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds

Title source: cna

Exploitation Summary

EIP tracks 1 public exploit for CVE-2026-8376. PoCs published by CYFARE.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2026-8376, a heap buffer overflow in Perl's regex compilation on 32-bit builds. The exploit triggers an integer overflow by crafting a regex pattern with a large repetition count, leading to memory corruption.

Description

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

Exploits (1)

github WORKING POC

by CYFARE · pythonpoc

https://github.com/CYFARE/CVE-2026-8376-Perl-Heap-Buffer-Overflow-PoC-Exploit

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2026-8376, a heap buffer overflow in Perl's regex compilation on 32-bit builds. The exploit triggers an integer overflow by crafting a regex pattern with a large repetition count, leading to memory corruption.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Perl versions through 5.43.10 on 32-bit builds

No auth needed

Prerequisites: 32-bit Perl binary · Python 3

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Jun 01, 2026 Full analysis →

References (2)

Core 2

Core References

Patch patch

https://github.com/Perl/perl5/commit/5e7f119eb2bb1181be908701f22bf7068e722f1c.patch

Mailing List

http://www.openwall.com/lists/oss-security/2026/05/26/1

Scores

CVSS v3 9.8

EPSS 0.0005

EPSS Percentile 15.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-680

Status published

Products (2)

perl/perl < 5.43.10

SHAY/perl < 5.43.10

Published May 26, 2026

Tracked Since May 26, 2026