Description
XML::Bare versions through 0.53 for Perl have an unbounded character lookahead.
The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer.
Truncated strings such as "<a/" can trigger an out-of-bounds read.
The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer.
Truncated strings such as "<a/" can trigger an out-of-bounds read.
Published:
2026-07-16
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
No analysis available yet.
Remediation
Vendor Workaround
Apply the patch.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | XML::Bare versions through 0.53 for Perl have an unbounded character lookahead. The parserc_parse function attempts to check for multicharacter strings such as "<![CDATA" or element terminators such as ">" without checking that the offsets are within the buffer. Truncated strings such as "<a/" can trigger an out-of-bounds read. | |
| Title | XML::Bare versions through 0.53 for Perl have an unbounded character lookahead | |
| Weaknesses | CWE-125 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-16T16:15:34.033Z
Reserved: 2026-06-23T17:59:40.467Z
Link: CVE-2026-57074
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-125
Out-of-bounds Read