/ 
perl-5.42.2
⭐ Starred 2013 / checkURL.pl
Security Advisories (1)
CVE-2026-8376 (2026-05-25)

Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds. Perl_study_chunk in regcomp_study.c checked the size of the joined substring buffer in characters rather than bytes. For a quantified fixed substring with a large minimum count, the byte length mincount * l could overflow SSize_t, producing an undersized SvGROW allocation; the subsequent copy writes past the end of the buffer. A caller that compiles an attacker-controlled regular expression on a 32-bit perl build triggers a heap buffer overflow at compile time.

NAME

checkURL.pl - Check that all the URLs in the Perl source are valid

DESCRIPTION

This program checks that all the URLs in the Perl source are valid. It checks HTTP and FTP links in parallel and contains a list of known bad example links in its source. It takes 4 minutes to run on my machine. The results are written to 'uris.txt' and list the filename, the URL and the error:

* ext/Locale-Maketext/lib/Locale/Maketext.pod
  http://sunsite.dk/RFC/rfc/rfc2277.html
    404 Not Found
...

It should be run every so often and links fixed and upstream authors notified.

Note that the web is unstable and some websites are temporarily down.