A heap buffer overflow vulnerability exists in Perl versions up to and including 5.43.10, triggered when the interpreter compiles regular expressions containing repeated fixed strings on 32-bit builds. This type of memory corruption flaw can potentially be exploited to crash applications or, in worst-case scenarios, execute arbitrary code. Any Azure workloads or services running 32-bit Perl environments are potentially at risk.

Security Architect’s Take: Audit your Azure workloads and container images for 32-bit Perl installations at version 5.43.10 or below, and prioritise patching or rebuilding on 64-bit runtimes where possible. If immediate patching isn’t feasible, consider restricting untrusted regex input paths and applying network-level controls to limit exposure.

Original advisory: CVE-2026-8376 Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds