Updated 6 October 2025 (updated fix versions)
First published 23 June 2025
CVSS 3.1: 8.6 (High)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
A security vulnerability has been found in Perl, a scripting language used in IGEL OS. This affects the following product versions:
-
IGEL OS 12
-
IGEL OS 11
Details
A heap buffer overflow vulnerability was discovered in how Perl handles non-ASCII bytes in the left-hand-side of the ‘tr’ operator. This can crash the process and potentially enable code execution. It is tracked as CVE-2024-56406 and rated as high.
Update Instructions
-
OS 12: Update to IGEL OS 12.7.2.
-
OS 11: Update to IGEL OS 11.11.100 when available (planned for end of November).
References
-
CVE-2024-56406: https://www.cve.org/CVERecord?id=CVE-2024-56406