🟠 High  |  Source: Microsoft Security Response Center


A integer overflow vulnerability in Perl versions up to and including 5.43.10 can trigger an out-of-bounds heap read in the pack and unpack functions. An attacker who can influence the data or structures processed by these functions may be able to read sensitive memory contents or cause a crash. This affects any Azure-hosted workloads or services that use vulnerable Perl versions for data serialisation or processing.

Security Architect’s Take: Audit Azure workloads, container images, and pipelines that use Perl and ensure they are updated beyond version 5.43.10 once a patched release is available. Pay particular attention to any internet-facing services or data processing pipelines that invoke pack or unpack with untrusted input, as these represent the highest-risk attack surface.

Original advisory: CVE-2026-57432 Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack