What is GHSA-q5cv-5vf6-95gp?

GHSA-q5cv-5vf6-95gp is a security advisory published by GitHub Security Advisories with Critical severity. Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs,...

Which CVE IDs does GHSA-q5cv-5vf6-95gp cover?

GHSA-q5cv-5vf6-95gp covers the following CVE IDs: CVE-2026-12087. Each CVE has its own detail page on EchelonGraph Pulse with the synthesized EG score.

What is the CVSS v3 score of GHSA-q5cv-5vf6-95gp?

GHSA-q5cv-5vf6-95gp has a CVSS v3 base score of 9.1, published by GitHub Security Advisories.

GHSA-q5cv-5vf6-95gpCriticalCVSS 9.1

Socket versions before 2.041 for Perl have an out-of-bounds heap read. In Socket.xs,...

Vendor

GitHub Security Advisories

Published

June 16, 2026

Last Modified

June 16, 2026

🔗 CVE IDs covered (1)

CVE-2026-12087 →

📋 Description

Socket versions before 2.041 for Perl have an out-of-bounds heap read.

In Socket.xs, pack_ip_mreq_source() checks the length of its source argument before the argument is read, so the check tests the byte length carried over from the preceding multiaddr argument instead. Both addresses occupy a 4-byte field, so a valid multiaddr lets a source of any length pass the check, and the source is then copied into the 4-byte imr_sourceaddr field with a fixed-size copy. A source shorter than 4 bytes is not rejected, and the copy reads up to 3 bytes past the end of its buffer.

Calling pack_ip_mreq_source() with a source value shorter than 4 bytes copies adjacent heap memory into the returned packed structure.

🔗 References (5)

https://nvd.nist.gov/vuln/detail/CVE-2026-12087
https://github.com/Perl/perl5/commit/de19a0b0ad1900fef976c5c1400bd8f11ec6c6cb.patch
https://metacpan.org/release/PEVANS/Socket-2.041/changes
http://www.openwall.com/lists/oss-security/2026/06/15/10
https://github.com/advisories/GHSA-q5cv-5vf6-95gp