Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.