HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes.

The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.

Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.

Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.

Project Subscriptions

No data.

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.


Workaround

Apply the patch.

History

Thu, 16 Jul 2026 16:30:00 +0000

Type Values Removed Values Added
Description HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition. Note that the latest version available on CPAN is version 0.02. Newer versions are available on the git repository.
Title HTML::Bare versions through 0.04 for Perl will hang in an infinite loop when parsing malformed attributes
Weaknesses CWE-835
References

Projects

Sign in to view the affected projects.

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-07-16T16:14:14.891Z

Reserved: 2026-06-26T08:25:15.552Z

Link: CVE-2026-13397

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.

Weaknesses