Perl before 5.30.3 has an integer overflow related to mishandling of a “PL_regkind[OP(n)] == NOTHING” situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
To mitigate this flaw, developers should not allow untrusted regular expressions to be compiled by the Perl regular expression compiler.