Hackers' Pub

Syntax	Description	Examples
`"` keyword `"`	Finds the string within quotes, including spaces. Case-insensitive. (Escape quotes inside with `\"`)	`"Hackers' Pub"`
`from:` handle	Finds content written by the specified user.	`from:hongminhee` `from:hongminhee@hollo.social`
`lang:` ISO 639-1	Finds content written in the specified language.	`lang:en`
`#` tag	Finds content with the specified tag. Case-insensitive.	`#HackersPub`
condition condition	Finds content that satisfies both conditions on either side of the space (logical AND).	`"Hackers' Pub" lang:en`
condition `OR` condition	Finds content that satisfies at least one of the conditions on either side of the OR operator (logical OR).	`#HackersPub OR "Hackers' Pub" lang:en`
`(` condition `)`	Combines the operators within the parentheses first.	`(#HackersPub OR "Hackers' Pub" OR "Hackers Pub") lang:en`

Harry Sintonen @harrysintonen@infosec.exchange

4/13/2025, 3:47:33 PM

Public

CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes.

"When there are non-ASCII bytes in the left-hand-side of the tr operator, S_do_trans_invmap() can overflow the destination pointer d.

It is believed that this vulnerability can enable Denial of Service or Arbitrary Code Execution attacks on platforms that lack sufficient defenses."

ref: https://www.openwall.com/lists/oss-security/2025/04/13/3

https://metacpan.org/release/SHAY/perl-5.40.2/changes

It's suggested releases from v5.33.1 to v5.41.10 are affected: https://www.openwall.com/lists/oss-security/2025/04/13/4

#cve_2024_56406

oss-security - CVE-2024-56406: Perl 5.34, 5.36, 5.38 and 5.40 are vulnerable to a heap buffer overflow when transliterating non-ASCII bytes

www.openwall.com

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/harrysintonen/statuses/114331435266014302 on your instance and quote it. (Note that quoting is not supported in Mastodon.)