CVE-2026-12087: CWE-125 Out-of-bounds Read in PEVANS Socket
Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.
AI Analysis
Technical Summary
The vulnerability in PEVANS Socket (pre-2.041) involves an out-of-bounds read in the pack_ip_mreq_source() function within Socket.xs. The function performs a length check on the source argument using the byte length of a preceding multiaddr argument, both occupying 4 bytes. Because of this, a source argument shorter than 4 bytes is not properly validated, leading to a fixed-size copy operation that reads beyond the source buffer by up to 3 bytes. This results in adjacent heap memory being copied into the packed structure returned by the function.
Potential Impact
An attacker providing a source argument shorter than 4 bytes to pack_ip_mreq_source() can cause the function to read and copy adjacent heap memory beyond the intended buffer. This out-of-bounds read may lead to information disclosure of heap contents. There is no indication of code execution or denial of service from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid passing source arguments shorter than 4 bytes to the pack_ip_mreq_source() function in the Socket module. Monitor vendor communications for updates regarding an official fix.
CVE-2026-12087: CWE-125 Out-of-bounds Read in PEVANS Socket
Description
Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer. Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in PEVANS Socket (pre-2.041) involves an out-of-bounds read in the pack_ip_mreq_source() function within Socket.xs. The function performs a length check on the source argument using the byte length of a preceding multiaddr argument, both occupying 4 bytes. Because of this, a source argument shorter than 4 bytes is not properly validated, leading to a fixed-size copy operation that reads beyond the source buffer by up to 3 bytes. This results in adjacent heap memory being copied into the packed structure returned by the function.
Potential Impact
An attacker providing a source argument shorter than 4 bytes to pack_ip_mreq_source() can cause the function to read and copy adjacent heap memory beyond the intended buffer. This out-of-bounds read may lead to information disclosure of heap contents. There is no indication of code execution or denial of service from the provided data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until a fix is available, avoid passing source arguments shorter than 4 bytes to the pack_ip_mreq_source() function in the Socket module. Monitor vendor communications for updates regarding an official fix.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- CPANSec
- Date Reserved
- 2026-06-12T13:29:50.478Z
- Cvss Version
- null
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 6a30726b0b89be6888a31ad3
Added to database: 6/15/2026, 9:45:15 PM
Last enriched: 6/15/2026, 10:01:21 PM
Last updated: 6/16/2026, 12:40:01 AM
Views: 9
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.