CVE-2026-12844: CWE-787 Out-of-bounds Write in DROLSKY List::SomeUtils::XS
List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer. Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.
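An added illustration of the growth defect named above, written for this page and not taken from the List::SomeUtils::XS source: a C model in which ints stand in for the collected SVs and a hypothetical collect() grows the result buffer either with one quadrupling (the pre-0.59 pattern) or in a loop, refusing rather than performing a copy that would land out of bounds.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical model of the growth step the advisory describes; this is not
 * the List::SomeUtils::XS source. ints stand in for the SVs pairwise()
 * collects, and the buffer starts sized to the longer input array. */
typedef struct {
    int    *buf;
    size_t  alloc;   /* capacity in elements */
    size_t  used;    /* elements stored so far */
} results_t;

/* Copy one block's n return values into r. loop_growth == 0 models the
 * pre-0.59 pattern (one alloc <<= 2 before the copy); loop_growth != 0
 * keeps quadrupling until the values fit. Returns 1 when the copy stays in
 * bounds and 0 when the memcpy would write past the buffer; the out-of-
 * bounds copy is refused here instead of performed. */
static int collect(results_t *r, const int *vals, size_t n, int loop_growth) {
    if (loop_growth) {
        while (r->used + n > r->alloc)
            r->alloc <<= 2;
    } else if (r->used + n > r->alloc) {
        r->alloc <<= 2;               /* single step: may still be too small */
    }
    r->buf = realloc(r->buf, r->alloc * sizeof *r->buf);
    if (r->used + n > r->alloc)
        return 0;                     /* pre-0.59 would overflow here */
    memcpy(r->buf + r->used, vals, n * sizeof *vals);
    r->used += n;
    return 1;
}

/* Model one pairwise() call whose longer input has 'longer' elements and
 * whose block returns 'per_call' values for the first pair. */
int pairwise_copy_in_bounds(size_t longer, size_t per_call, int loop_growth) {
    if (longer == 0)
        return 1;                     /* no pairs, so the block never runs */
    results_t r = { malloc(longer * sizeof(int)), longer, 0 };
    int *vals = calloc(per_call, sizeof *vals);   /* constructed block output */
    int ok = collect(&r, vals, per_call, loop_growth);
    free(vals);
    free(r.buf);
    return ok;
}
```

With a longer input of 3 elements, a block returning 12 values survives one quadrupling (3 to 12) while 13 values do not; the looped growth reaches 48 and stays in bounds.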
AI Analysis
Technical Summary
CVE-2026-12844 describes a heap buffer overflow in the pairwise() function of List::SomeUtils::XS versions prior to 0.59. The vulnerability arises because the buffer growth logic quadruples the allocation size once per copy operation rather than looping to ensure sufficient size. When a block returns more than four times the length of the longer input array in a single invocation, the buffer is overrun, leading to heap corruption. This is classified under CWE-787 (Out-of-bounds Write) and CWE-122 (Heap-based Buffer Overflow).
Potential Impact
Heap buffer overflow can lead to heap corruption, potentially causing crashes or enabling arbitrary code execution depending on the context in which pairwise() is used. No known exploits in the wild have been reported. The impact depends on how the vulnerable function is used and whether an attacker can control the block's return values.
Mitigation Recommendations
No official patch or remediation level has been published yet. Users should avoid using pairwise() with blocks that can return more than four times the length of the longer input array until a fix is available. Monitor the vendor or CPAN security advisories for updates and apply any official fixes once released.
CVSS v3.1
Score: 7.5 (High)
Technical Details
- Data Version: 5.2
- Assigner Short Name: CPANSec
- Date Reserved: 2026-06-21T21:38:59.795Z
- Cvss Version: null
- State: PUBLISHED
- Remediation Level: null
Threat ID: 6a3d4d4b4853345fc124a2f3
Added to database: 06/25/2026, 15:46:19 UTC
Last enriched: 06/25/2026, 16:02:33 UTC
Last updated: 06/26/2026, 01:04:55 UTC