Description
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function.

pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer.

Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.
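The growth step the description refers to, as an added C illustration rather than code from List::SomeUtils::XS: the flawed one-shot quadrupling beside a loop that keeps growing until the pending copy fits, plus the bounds condition that must be false before any memcpy. The helper names (grow_once, grow_until_fits, copy_overflows, simulate) and the sample per-pair counts are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Added illustration of the growth step described in the advisory; this is
 * not List::SomeUtils::XS source. `alloc` is the current buffer capacity in
 * elements, `used` the elements already collected, and `n` the number of
 * values the block returned for the current pair. */

/* The flawed step: one quadrupling, whether or not that is enough. */
size_t grow_once(size_t alloc, size_t used, size_t n) {
    if (used + n > alloc)
        alloc <<= 2;
    return alloc;
}

/* The corrected step: quadruple until used + n fits. Returns 0 if the
 * capacity cannot be represented (size_t would wrap), which the caller must
 * treat as an allocation failure rather than proceeding. */
size_t grow_until_fits(size_t alloc, size_t used, size_t n) {
    if (alloc == 0)
        alloc = 1;             /* avoid spinning forever on an empty buffer */
    while (used + n > alloc) {
        if (alloc > SIZE_MAX >> 2)
            return 0;
        alloc <<= 2;
    }
    return alloc;
}

/* The condition that must be false immediately before the memcpy. */
int copy_overflows(size_t alloc, size_t used, size_t n) {
    return used + n > alloc;
}

typedef struct {
    size_t capacity;   /* final capacity reached */
    int overflowed;    /* 1 if a copy would have written past the buffer */
} sim_result;

/* Simulate the collection loop over `pairs` block calls, where counts[i] is
 * how many values the i-th call returned. The initial capacity is the longer
 * input array's length, as pairwise() sizes it. No real copy is performed;
 * the check stands in for the memcpy. */
sim_result simulate(size_t longest_input, const size_t *counts, size_t pairs,
                    size_t (*grow)(size_t, size_t, size_t)) {
    sim_result r = { longest_input, 0 };
    size_t used = 0;
    for (size_t i = 0; i < pairs; i++) {
        r.capacity = grow(r.capacity, used, counts[i]);
        if (r.capacity == 0 || copy_overflows(r.capacity, used, counts[i])) {
            r.overflowed = 1;
            break;
        }
        used += counts[i];
    }
    return r;
}

/* Constructed scenario: two three-element input arrays (so three pairs and
 * an initial capacity of 3). The block returns 20 values for the first pair,
 * more than four times the initial capacity, then one value for each of the
 * remaining pairs. */
static const size_t k_counts[3] = { 20, 1, 1 };

int demo_single_growth_overflows(void) {
    return simulate(3, k_counts, 3, grow_once).overflowed;       /* 1 */
}

int demo_loop_growth_overflows(void) {
    return simulate(3, k_counts, 3, grow_until_fits).overflowed; /* 0 */
}

size_t demo_loop_growth_capacity(void) {
    return simulate(3, k_counts, 3, grow_until_fits).capacity;   /* 48 */
}
```

With the one-shot growth, a first-pair return of 20 values against a capacity of 3 leaves a 12-element buffer and the copy overruns; a return of 10 values (within four times the capacity) fits, which is why the advisory's "more than four times" threshold is the boundary. The loop version reaches 48 and the same input copies safely.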
Published: 2026-06-25
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

List::SomeUtils::XS versions prior to 0.59 contain a heap buffer overflow in the pairwise function. The function preallocates a heap buffer sized to the longer input array and then enlarges it with a single quadrupling operation rather than a loop. When the block executed for a single pair returns more than four times the longer input array's length, that one quadrupling leaves the buffer too small and the subsequent memcpy writes past its end, corrupting heap memory. This can lead to denial of service or, if an attacker controls the block, arbitrary code execution.

Affected Systems

Any Perl installation that loads List::SomeUtils::XS before version 0.59 and uses the pairwise function is affected. Operators should check the installed module version in their environment; releases such as 0.58 and earlier are vulnerable.

Risk and Exploitability

No CVSS score is provided in the data, and the EPSS score is not available; the vulnerability is not listed in CISA KEV. The overflow requires the pairwise function to be invoked with a block that can return a large value, implying a local code execution scenario. While public exploits are not reported, the possibility of arbitrary code execution makes it a moderate to high risk for environments where untrusted code can call pairwise.

Generated by OpenCVE AI on June 25, 2026 at 16:13 UTC.

Remediation

Vendor Solution

Upgrade to List::SomeUtils::XS 0.59 or later.


OpenCVE Recommended Actions

  • Upgrade List::SomeUtils::XS to version 0.59 or later.
  • Refactor any pairwise calls so that the block never returns more than four times the longest input array length.
  • If an upgrade cannot be performed immediately, replace pairwise with a custom implementation that performs explicit bounds checking before copying data.


Tracking


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 15:45:00 +0000

Type | Values Removed | Values Added
Description | | List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer. Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.
Title | | List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function
Weaknesses | | CWE-122, CWE-787
References | |


MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-06-25T15:26:09.331Z

Reserved: 2026-06-21T21:38:59.795Z

Link: CVE-2026-12844

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T16:15:15Z

Weaknesses