List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer...

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function.

pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer.

Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.

Basic Information

ID CVE-2026-12844

Source CPANSec

Published Jun 25, 2026 at 15:26

Modified Jun 25, 2026 at 19:35

Affected Product

Vendor DROLSKY

Product List::SomeUtils::XS

Affected Versions DROLSKY List::SomeUtils::XS 0

CWE Classification

CWE-787 CWE-122

References

{
    "lastseen": "",
    "description": "List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function.\n\npairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer.\n\nAny caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.",
    "published": "2026-06-25T15:26:09.331Z",
    "modified": "2026-06-25T19:35:16.577Z",
    "type": "cve",
    "title": "List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function",
    "source": "CPANSec",
    "references": "https://github.com/houseabsolute/List-SomeUtils-XS/commit/22549f78669b780d6aa338a2d2e49a3dedfffaa6.patch\nhttps://metacpan.org/release/DROLSKY/List-SomeUtils-XS-0.59/changes",
    "id": "CVE-2026-12844",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787",
        "CWE-122"
    ],
    "cvelist": null,
    "sourceData": "DROLSKY List::SomeUtils::XS 0",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "List::SomeUtils::XS",
    "version": "0",
    "vendor": "DROLSKY",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function_CVE-2026-12844