Perl Heap Buffer Overflow Vulnerability in tr Operator Handling Non-ASCII Bytes

Vulnerability

A heap buffer overflow vulnerability has been identified in Perl versions 5.34, 5.36, 5.38, and 5.40, including development versions from 5.33.1 to 5.41.10. When non-ASCII bytes are present on the left side of the 'tr' operator, the destination pointer in the 'S_do_trans_invmap' function can overflow. The overflow can crash Perl with a segmentation fault, and it is believed to enable denial-of-service conditions and potentially arbitrary code execution on platforms with inadequate protections.

Impact

Exploitation of this vulnerability causes a heap-based buffer overflow, which can lead to memory corruption. Heap corruption of this kind is commonly associated with arbitrary code execution under certain conditions.

Reproduction

The vulnerability can be reproduced by using Perl to execute a command that applies the 'tr' operator to a string containing a large number of non-ASCII characters. This command will cause Perl to crash, demonstrating the buffer overflow.

Remediation

Users are advised to update Perl to version 5.40.2 or 5.38.4. Instructions for downloading these versions are available on MetaCPAN.
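
To triage hosts against the version ranges given in this advisory, the following added example (not part of the advisory or of Perl) classifies a Perl version string as affected, fixed, or outside the affected range. The function names are hypothetical, and it assumes that later patch releases in the 5.38 and 5.40 series keep the fix.

```sh
#!/bin/sh
# Added example (not from the advisory): classify Perl versions against the
# ranges stated above. Affected: 5.33.1 through 5.41.10; fixed: 5.38.4, 5.40.2.
# Function names are hypothetical.

# Pack "5.38.2" into one comparable integer (5038002); fail on malformed input.
perl_ver_num() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;  # digits and single dots only
        0[0-9]*|*.0[0-9]*) return 1 ;;         # leading zero would be read as octal
        *.*.*.*) return 1 ;;                   # too many components
        *.*.*) ;;                              # major.minor.patch
        *) return 1 ;;
    esac
    maj=${1%%.*}; rest=${1#*.}
    min=${rest%%.*}; pat=${rest#*.}
    echo $(( maj * 1000000 + min * 1000 + pat ))
}

# Print one of: affected | fixed | outside-affected-range | unknown
perl_tr_status() {
    n=$(perl_ver_num "${1#v}") || { echo unknown; return 0; }
    if [ "$n" -lt 5033001 ] || [ "$n" -gt 5041010 ]; then
        echo outside-affected-range
    elif [ "$n" -ge 5038004 ] && [ "$n" -lt 5039000 ]; then
        echo fixed          # 5.38.4 or a later 5.38.x (assumed to keep the fix)
    elif [ "$n" -ge 5040002 ] && [ "$n" -lt 5041000 ]; then
        echo fixed          # 5.40.2 or a later 5.40.x (assumed to keep the fix)
    else
        echo affected       # includes 5.34.x and 5.36.x; the page names no fixed release for them
    fi
}

# Usage: sh check.sh "$(perl -e 'printf "%vd", $^V')"   (or versions from an inventory)
for v in "$@"; do
    printf '%s\t%s\n' "$v" "$(perl_tr_status "$v")"
done
```

A distribution package may carry a backported fix without changing the upstream version number, so treat an "affected" result for a packaged Perl as a prompt to check the vendor's advisory.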

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 5.7
remediation: 7.7
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.