Description
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.

The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation.

The read may disclose adjacent heap contents into the destination SV.
Published: 2026-06-04
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

HTML::Entities versions prior to 3.84 contain a use‑after‑free bug in the _decode_entities routine. The routine caches a pointer into a string that may be freed later, so that a subsequent copy operation reads data from a reclaimed heap region. This flaw can lead to disclosure of adjacent heap contents when copying from the freed buffer, potentially exposing sensitive data. The weakness is a classic use‑after‑free issue as classified by CWE‑416.

Affected Systems

The vulnerability impacts the HTML::Entities Perl module, distributed by OALDERS. All released versions before 3.84 are affected. Systems that load this library, such as Perl applications that parse or render user‑supplied HTML using HTML::Entities, are at risk unless they have upgraded to version 3.84 or later.

Risk and Exploitability

The flaw permits arbitrary read of freed memory. While no CVSS score is provided, the potential for sensitive data leakage suggests a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. The exploit requires local execution of code that uses the vulnerable library; an attacker would need to supply crafted entity references that trigger the freed memory copy path. Thus the attack surface is limited to environments where untrusted input can be processed by the module.

Generated by OpenCVE AI on June 4, 2026 at 03:51 UTC.

Remediation

Vendor Solution

Upgrade to HTML-Parser 3.84 or later.

OpenCVE Recommended Actions

  • Upgrade to HTML::Parser 3.84 or later, which contains the fix for the use‑after‑free issue.
  • Implement strict input validation to prevent entity references that map an entity key to its own value, thereby blocking the reallocated buffer read path.
  • If an immediate upgrade is not feasible, limit the usage of HTML::Entities to trusted input sources only, and consider isolating the parsing logic in a sandboxed environment to contain potential memory disclosure.

Generated by OpenCVE AI on June 4, 2026 at 03:51 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 04 Jun 2026 02:30:00 +0000

Type Values Removed Values Added
Description HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation. The read may disclose adjacent heap contents into the destination SV.
Title HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Weaknesses CWE-416
References

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-06-04T02:03:46.702Z

Reserved: 2026-05-18T13:24:05.252Z

Link: CVE-2026-8829

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-06-04T03:16:20.260

Modified: 2026-06-04T03:16:20.260

Link: CVE-2026-8829

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-04T04:00:05Z

Weaknesses