CVE-2026-8829

Source
https://cve.org/CVERecord?id=CVE-2026-8829
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-8829.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-8829
Published
2026-06-04T02:03:46.702Z
Modified
2026-06-24T09:14:03.055176252Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities
Details

HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.

The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation.

The read may disclose adjacent heap contents into the destination SV.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/8xxx/CVE-2026-8829.json",
    "cwe_ids": [
        "CWE-416"
    ],
    "cna_assigner": "CPANSec"
}

Affected packages

Git / github.com/libwww-perl/html-parser

Affected ranges

Type
GIT
Repo
https://github.com/libwww-perl/html-parser
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:oalders:html\\:\\:entities:*:*:*:*:*:perl:*:*",
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.84"
        }
    ]
}

Affected versions

3.*
3.57
3.58
3.59
3.60
3.61
3.62
3.63
3.64
3.65
3.66
3.67
3.68
3.69
3.70
3.71
3.72
3.73
3.74
3.75
3.76
3.77
3.78
3.79
3.80
3.81
3.82
3.83
Other
B11
B12
B13
B6
LWP_5_00
LWP_5_05
LWP_5_17
LWP_5_18
LWP_5_22
R19_90
R2_14
R2_16
R2_17
R2_18
R2_19
R2_20
R2_21
R2_22
R2_23
R2_24
R2_25
R2_99_01
R2_99_02
R2_99_03
R2_99_04
R2_99_05
R2_99_06
R2_99_07
R2_99_08
R2_99_09
R2_99_10
R2_99_11
R2_99_12
R2_99_13
R2_99_14
R2_99_15
R2_99_16
R2_99_17
R2_99_90
R2_99_91
R2_99_92
R2_99_93
R2_99_94
R2_99_95
R2_99_96
R3_00
R3_01
R3_02
R3_03
R3_04
R3_05
R3_06
R3_07
R3_08
R3_09
R3_10
R3_11
R3_12
R3_13
R3_14
R3_15
R3_16
R3_17
R3_18
R3_19
R3_19_91
R3_19_92
R3_19_93
R3_19_94
R3_20
R3_21
R3_22
R3_23
R3_24
R3_25
R3_26
R3_27
R3_28
R3_29
R3_30
R3_31
R3_32
R3_33
R3_34
R3_35
R3_36
R3_37
R3_38
R3_39_90
R3_39_91
R3_39_92
R3_40
R3_42
R3_43
R3_44
R3_45
R3_46
R3_47
R3_48
R3_49
R3_50
R3_51
R3_52
R3_53
R3_54
R3_55
R3_56

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-8829.json"
vanir_signatures
[
    {
        "target": {
            "file": "util.c"
        },
        "source": "https://github.com/libwww-perl/html-parser/commit/6922552b0778c90a9587a3894e248be4d3a25e1c",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "id": "CVE-2026-8829-25837f81",
        "signature_version": "v1",
        "deprecated": false,
        "signature_type": "Line"
    },
    {
        "target": {
            "file": "util.c",
            "function": "decode_entities"
        },
        "source": "https://github.com/libwww-perl/html-parser/commit/6922552b0778c90a9587a3894e248be4d3a25e1c",
        "digest": {
            "function_hash": "89558245732209872575410423504328203275",
            "length": 3138.0
        },
        "id": "CVE-2026-8829-8366e2d3",
        "deprecated": false,
        "signature_type": "Function",
        "signature_version": "v1"
    }
]
vanir_signatures_modified
"2026-06-19T03:19:16Z"