| Name | CVE-2026-46739 |
| Description | Net::Statsd versions before 0.13 for Perl allow metric injections. Th ... |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| libnet-statsd-perl (PTS) | bullseye | 0.12-1.1 | vulnerable |
| bookworm | 0.12-3 | vulnerable |
| trixie | 0.12-4 | vulnerable |
| forky, sid | 0.12-5 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| libnet-statsd-perl | source | (unstable) | (unfixed) | | | |
Notes
https://lists.security.metacpan.org/cve-announce/msg/40702251/
https://github.com/cosimo/perl5-net-statsd/pull/10
Fixed by: https://github.com/cosimo/perl5-net-statsd/commit/a10b10173d6751991b7ade14b86dd272439d2283 (0.13)
Testcase: https://github.com/cosimo/perl5-net-statsd/commit/583dfdf0385120768d6cfca7264a6ebf337ff377 (0.13)