Vulnerability in Oalders Http::date
CVE-2026-14741
HTTP::Date versions before 6.08 for Perl allow CPU exhaustion via polynomial regex backtracking in parse_date. parse_date() matches the date string against a chain of alternative regexes, and str2time() delegates to it. Several of these p…
Vulnerability class: ReDoS (Regular Expression Denial of Service)
Affected products
- Oalders Http::date — versions 0
Weakness classification (CWE)
References
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (patch)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (issue-tracking)
- 9b29abf9-4ab0-4765-b253-1875cd9b441e (release-notes)
- af854a3a-2127-422b-91ae-364da2661108