CRITICAL
SHAY
CVE published 2026-05-26
CVE-2026-8376
A heap buffer overflow vulnerability exists in Perl versions through 5.43.10 when compiling regular expressions containing a repeated fixed string on 32-bit builds. The flaw resides in `Perl_study_chunk` within `regcomp_study.c`, where the size of the joined substring buffer was checked in characters rather than bytes. For quantified fixed substrings with large minimum counts, the byte length calculation [truncated]