SB2025041425 - OpenBSD update for Perl
Published: April 14, 2025
Security Bulletin ID
SB2025041425
Severity
High
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Heap-based buffer overflow (CVE-ID: CVE-2024-56406)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the S_do_trans_invmap() function. A remote attacker can pass specially crafted input to the application, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Remediation
Install update from vendor's website.
References
- http://www.openbsd.org/errata76.html#015"
- http://www.openbsd.org/errata76.html#015</a><a
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/015_perl.patch.sig"
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.6/common/015_perl.patch.sig</a></p><p><a
- http://www.openbsd.org/errata75.html#025"
- http://www.openbsd.org/errata75.html#025</a></p><p><a
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/025_perl.patch.sig"
- https://ftp.openbsd.org/pub/OpenBSD/patches/7.5/common/025_perl.patch.sig</a></p>