CVE-2026-8829 in HTML::Entitiesinfo

Summary

by MITRE • 06/04/2026

HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities.

The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV returned by hv_fetch on the entity2char hash. When the input SV was identical to a value SV in that hash, and that value contained its own key as an entity reference, a later call to grow_gap() reallocated the SV's PV buffer and freed the backing allocation that repl still pointed into. The subsequent copy loop read repl_len bytes from the freed allocation.

The read may disclose adjacent heap contents into the destination SV.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsible

CPANSec

Reservation

05/18/2026

Disclosure

06/04/2026

Moderation

accepted

Entry

VDB-368242

CPE

ready

CWE

CWE-416 (confirmed)

CVSS

7.3 (VulDB)

EPSS

0.00017

KEV

Activities

medium

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-8829
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-8829
CVE Details	https://www.cvedetails.com/cve/CVE-2026-8829/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!