Because of its design, the Perl language is immune to these attacks and to buffer overflow attacks. However, a bug in the Perl interpreter could lead to a buffer overflow;

This is not exactly true. Think of a perl extension, which is written in C or C++ or any other language which suffers from those "traditional" buffer-overflow problems. Those could bring the problem of buffer overflow attacks to your perl application, even if perl is theoretically immune to such attacks.

This is why I usually prefer pure-perl implementations when I choose to use a module from CPAN. At least as long as performance doesn't suffer too much.

Cheers, Flo