Vulnerabilities related to perl - perl
CVE-2012-1151 (GCVE-0-2012-1151)
Vulnerability from cvelistv5
Published
2012-09-09 21:00
Modified
2024-08-06 18:45
CWE
- n/a
Summary
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:27.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "name": "MDVSA-2012:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "name": "dbdpg-pgwarn-format-string(73854)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "name": "48307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48307" }, { "name": "RHSA-2012:1116", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "name": "[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "name": "48319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48319" }, { "name": "dbdpg-dbdstprepare-format-string(73855)", 
"tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "name": "GLSA-201204-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "name": "DSA-2431", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2431" }, { "name": "48824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48824" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "name": "MDVSA-2012:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "name": "dbdpg-pgwarn-format-string(73854)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "name": "48307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48307" }, { "name": "RHSA-2012:1116", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "name": "[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "name": "48319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48319" }, { "name": "dbdpg-dbdstprepare-format-string(73855)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "name": "GLSA-201204-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "name": "DSA-2431", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2431" }, { "name": "48824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48824" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1151", "datePublished": "2012-09-09T21:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-1927 (GCVE-0-2008-1927)
Vulnerability from cvelistv5
Published
2008-04-23 17:00
Modified
2024-08-07 08:41
CWE
- n/a
Summary
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "name": "ADV-2008-2424", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "name": "31328", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31328" }, { "name": "FEDORA-2008-3399", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "name": "44588", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/44588" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33937" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "name": "RHSA-2008:0532", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31687" }, { "name": "perl-utf8-dos(41996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "name": "USN-700-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "oval:org.mitre.oval:def:10579", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "29948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29948" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "GLSA-200805-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "name": "1020253", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020253" }, { "name": "ADV-2008-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "name": "31467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31467" }, { "name": "RHSA-2008:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "name": "FEDORA-2008-3392", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33314" }, { 
"name": "ADV-2009-0422", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "name": "31604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "name": "28928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28928" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "30624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30624" }, { "name": "30025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30025" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "30326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30326" }, { "name": "MDVSA-2008:100", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "name": "DSA-1556", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1556" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/31208" }, { "name": "ADV-2008-2265", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2265/references" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "name": "ADV-2008-2424", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "name": "31328", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31328" }, { "name": "FEDORA-2008-3399", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "name": "44588", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/44588" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/33937" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "name": "RHSA-2008:0532", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31687" }, { "name": "perl-utf8-dos(41996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "oval:org.mitre.oval:def:10579", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "29948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29948" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "GLSA-200805-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "name": "1020253", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020253" }, { "name": "ADV-2008-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "name": "31467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31467" }, { "name": "RHSA-2008:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "name": "FEDORA-2008-3392", 
"tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33314" }, { "name": "ADV-2009-0422", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "name": "31604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "name": "28928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28928" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "30624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30624" }, { "name": "30025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30025" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "30326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30326" }, { "name": "MDVSA-2008:100", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "name": "DSA-1556", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1556" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31208" }, { "name": "ADV-2008-2265", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2265/references" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "name": "ADV-2008-2424", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "name": "31328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31328" }, { "name": "FEDORA-2008-3399", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "name": "44588", "refsource": "OSVDB", "url": "http://osvdb.org/44588" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937" }, { "name": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156", "refsource": "MISC", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "name": "RHSA-2008:0532", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687" }, { "name": "perl-utf8-dos(41996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "oval:org.mitre.oval:def:10579", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438" }, { "name": 
"29948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29948" }, { "name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "GLSA-200805-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "name": "1020253", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020253" }, { "name": "ADV-2008-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "name": "31467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31467" }, { "name": "RHSA-2008:0522", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "name": "FEDORA-2008-3392", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314" }, { "name": "ADV-2009-0422", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "name": "31604", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31604" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "name": "28928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28928" }, { "name": "20090120 rPSA-2009-0011-1 perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "30624", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/30624" }, { "name": "30025", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30025" }, { "name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "30326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30326" }, { "name": "MDVSA-2008:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "name": "DSA-1556", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1556" }, { "name": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41", "refsource": "CONFIRM", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "name": "31208", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31208" }, { "name": "ADV-2008-2265", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2265/references" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1927", "datePublished": "2008-04-23T17:00:00", "dateReserved": "2008-04-23T00:00:00", "dateUpdated": "2024-08-07T08:41:00.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-0663 (GCVE-0-2009-0663)
Vulnerability from cvelistv5
Published
2009-04-30 20:00
Modified
2024-08-07 04:40
CWE
- n/a
Summary
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2009:1067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "name": "libdbdpgperl-unspecified-bo(50467)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "name": "34755", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "name": "34909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34909" }, { "name": "RHSA-2009:0479", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35685" }, { "name": "oval:org.mitre.oval:def:9499", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "name": "DSA-1780", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1780" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35058", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35058" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2009:1067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "name": "libdbdpgperl-unspecified-bo(50467)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "name": "34755", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "name": "34909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34909" }, { "name": "RHSA-2009:0479", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35685" }, { "name": "oval:org.mitre.oval:def:9499", "tags": [ "vdb-entry", 
"signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "name": "DSA-1780", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1780" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35058" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2009:1067", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "name": "libdbdpgperl-unspecified-bo(50467)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "name": "34755", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34755" }, { "name": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz", "refsource": "CONFIRM", "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "name": "https://launchpad.net/bugs/cve/2009-0663", "refsource": "MISC", "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "name": "34909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34909" }, { "name": "RHSA-2009:0479", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "name": "35685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35685" }, { "name": "oval:org.mitre.oval:def:9499", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "name": "DSA-1780", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1780" }, { "name": "SUSE-SR:2009:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35058" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0663", "datePublished": "2009-04-30T20:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
CVE-2010-4777 (GCVE-0-2010-4777)
Vulnerability from cvelistv5
Published
2014-02-10 17:00
Modified
2024-08-07 03:55
CWE
- n/a
Summary
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:55:35.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "name": "openSUSE-SU-2011:0479", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-10T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "tags": [ "x_refsource_MISC" ], "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "name": "openSUSE-SU-2011:0479", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular 
expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2011:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", "refsource": "MLIST", "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694166", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "name": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215", "refsource": "MISC", "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=76538", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "name": "openSUSE-SU-2011:0479", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4777", "datePublished": "2014-02-10T17:00:00", "dateReserved": "2011-03-28T00:00:00", "dateUpdated": "2024-08-07T03:55:35.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-0761 (GCVE-0-2011-0761)
Vulnerability from cvelistv5
Published
2011-05-13 17:00
Modified
2024-08-06 22:05
CWE
- n/a
Summary
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "name": "8248", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8248" }, { "name": "1025507", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025507" }, { "name": "perl-functions-dos(67355)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "name": "47766", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47766" }, { "name": "20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "name": "8248", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8248" }, { "name": "1025507", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025507" }, { "name": "perl-functions-dos(67355)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "name": "47766", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47766" }, { "name": "20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-0761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.toucan-system.com/advisories/tssa-2011-03.txt", "refsource": "MISC", "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "name": "8248", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8248" }, { "name": "1025507", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025507" }, { "name": "perl-functions-dos(67355)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "name": "47766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47766" }, { "name": "20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-0761", "datePublished": "2011-05-13T17:00:00", "dateReserved": "2011-02-03T00:00:00", "dateUpdated": "2024-08-06T22:05:53.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2939 (GCVE-0-2011-2939)
Vulnerability from cvelistv5
Published
2012-01-13 18:00
Modified
2024-08-06 23:15
CWE
- n/a
Summary
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:15:31.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46989", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46989" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "name": "MDVSA-2012:008", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "name": "RHSA-2011:1424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "name": "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-02-17T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46989", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46989" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST" ], 
"url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "name": "MDVSA-2012:008", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "name": "RHSA-2011:1424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "name": "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51457" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2939", "datePublished": "2012-01-13T18:00:00", "dateReserved": "2011-07-27T00:00:00", "dateUpdated": "2024-08-06T23:15:31.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7422 (GCVE-0-2013-7422)
Vulnerability from cvelistv5
Published
2015-08-16 23:00
Modified
2024-08-06 18:09
CWE
- n/a
Summary
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:16.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "name": "GLSA-201507-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201507-11" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "75704", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75704" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "name": "GLSA-201507-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201507-11" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "75704", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75704" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-7422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "name": "GLSA-201507-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-11" }, { "name": "USN-2916-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031" }, { "name": "75704", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75704" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-7422", "datePublished": "2015-08-16T23:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T18:09:16.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-4363 (GCVE-0-2011-4363)
Vulnerability from cvelistv5
Published
2012-10-07 21:00
Modified
2024-09-16 22:14
CWE
- n/a
Summary
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "name": "50868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50868" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "name": "47015", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47015" }, { "name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "name": "77428", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/77428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-07T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "name": "50868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50868" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "name": "47015", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47015" }, { "name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "name": "77428", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/77428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "name": "50868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50868" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "name": "47015", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47015" }, { "name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "name": "77428", "refsource": "OSVDB", "url": "http://www.osvdb.org/77428" }, { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=72862", "refsource": "CONFIRM", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4363", "datePublished": "2012-10-07T21:00:00Z", "dateReserved": "2011-11-04T00:00:00Z", "dateUpdated": "2024-09-16T22:14:01.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2024-56406 (GCVE-0-2024-56406)
Vulnerability from cvelistv5
Published
2025-04-13 13:16
Modified
2025-04-18 16:50
Summary
A heap buffer overflow vulnerability was discovered in Perl.
Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.
When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.
    $ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
    Segmentation fault (core dumped)
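It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses. Per the record's solution field, users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch listed in the references.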
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-04-13T22:02:35.643Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/04/13/3" }, { "url": "http://www.openwall.com/lists/oss-security/2025/04/13/4" }, { "url": "http://www.openwall.com/lists/oss-security/2025/04/13/5" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2024-56406", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-04-18T16:49:08.301269Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-04-18T16:50:29.834Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "perl", "product": "perl", "programFiles": [ "op.c" ], "programRoutines": [ { "name": "S_pmtrans" }, { "name": "tr" } ], "repo": "https://github.com/Perl/perl5/", "vendor": "perl", "versions": [ { "lessThanOrEqual": "5.41.10", "status": "affected", "version": "5.41.0", "versionType": "custom" }, { "lessThan": "5.40.2-RC1", "status": "affected", "version": "5.39.0", "versionType": "custom" }, { "lessThan": "5.38.4-RC1", "status": "affected", "version": "5.33.1", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Nathan Mills" } ], "descriptions": [ { "lang": "en", 
"supportingMedia": [ { "base64": false, "type": "text/html", "value": "A heap buffer overflow vulnerability was discovered in Perl. \u003cbr\u003e\u003cbr\u003eRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\u003cbr\u003e\u003cbr\u003eWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\u003cbr\u003e\u003cbr\u003e\u003ctt\u003e\u0026nbsp; \u0026nbsp;$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \u003cbr\u003e\u0026nbsp; \u0026nbsp;Segmentation fault (core dumped)\u003c/tt\u003e\u003cbr\u003e\u003cbr\u003eIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.\u003cbr\u003e\u003cbr\u003e" } ], "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses." 
} ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787 Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-04-13T19:29:56.569Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch" }, { "tags": [ "release-notes" ], "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes" }, { "tags": [ "release-notes" ], "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section.\u003cbr\u003e\u003cbr\u003e" } ], "value": "Users should update perl to 5.40.2 or 5.38.4, or apply the upstream patch provided in the References section." } ], "source": { "discovery": "UNKNOWN" }, "title": "Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2024-56406", "datePublished": "2025-04-13T13:16:09.841Z", "dateReserved": "2024-12-23T02:07:38.152Z", "dateUpdated": "2025-04-18T16:50:29.834Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10878 (GCVE-0-2020-10878)
Vulnerability from cvelistv5
Published
2020-06-05 13:27
Modified
2024-08-04 11:14
CWE
- n/a
Summary
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:14:15.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:20:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202006-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "name": "https://security.netapp.com/advisory/ntap-20200611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "name": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "name": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": 
"https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10878", "datePublished": "2020-06-05T13:27:22", "dateReserved": "2020-03-23T00:00:00", "dateUpdated": "2024-08-04T11:14:15.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12837 (GCVE-0-2017-12837)
Vulnerability from cvelistv5
Published
2017-09-19 18:00
Modified
2024-08-05 18:51
CWE
- n/a
Summary
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100860", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100860" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100860", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100860" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12837", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the 
case-insensitive modifier." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3982", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100860", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100860" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131582", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "name": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12837", "datePublished": "2017-09-19T18:00:00", "dateReserved": "2017-08-11T00:00:00", "dateUpdated": "2024-08-05T18:51:06.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-6798 (GCVE-0-2018-6798)
Vulnerability from cvelistv5
Published
2018-04-17 20:00
Modified
2024-08-05 06:10
CWE
- n/a
Summary
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:10:11.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:1192", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=132063", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6798", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-08-05T06:10:11.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2728 (GCVE-0-2011-2728)
Vulnerability from cvelistv5
Published
2012-12-21 02:00
Modified
2024-08-06 23:08
CWE
- n/a
Summary
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "name": "FEDORA-2011-15484", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-21T02:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "tags": [ "x_refsource_MISC" ], "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "name": "FEDORA-2011-15484", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2728", "datePublished": "2012-12-21T02:00:00Z", "dateReserved": "2011-07-11T00:00:00Z", "dateUpdated": "2024-08-06T23:08:23.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-6329 (GCVE-0-2012-6329)
Vulnerability from cvelistv5
Published
2013-01-04 21:00
Modified
2024-08-06 21:28
CWE
- n/a
Summary
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "name": "[oss-security] 20121211 Re: CVE request: perl-modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "name": "USN-2099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "name": 
"[perl5-porters] 20121205 security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "56950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56950" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "name": "[oss-security] 20121211 Re: CVE request: perl-modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "name": "USN-2099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "name": "[perl5-porters] 20121205 security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST" ], 
"url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "56950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56950" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "name": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "name": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext", "refsource": "MLIST", "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "name": "[oss-security] 20121211 Re: CVE request: perl-modules", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884354", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "name": "USN-2099-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-2099-1" }, { "name": "[perl5-porters] 20121205 security notice: Locale::Maketext", "refsource": "MLIST", "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "name": "RHSA-2013:0685", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "56950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56950" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6329", "datePublished": "2013-01-04T21:00:00", "dateReserved": "2012-12-10T00:00:00", "dateUpdated": "2024-08-06T21:28:39.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5303 (GCVE-0-2008-5303)
Vulnerability from cvelistv5
Published
2008-12-01 17:00
Modified
2024-08-07 10:49
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": "oval:org.mitre.oval:def:6680", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33314" }, { "name": "oval:org.mitre.oval:def:9699", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "filepath-rmtree-symlink(47044)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. 
NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": "oval:org.mitre.oval:def:6680", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33314" }, { "name": "oval:org.mitre.oval:def:9699", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "filepath-rmtree-symlink(47044)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, 
and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32980" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": "oval:org.mitre.oval:def:6680", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314" }, { "name": "oval:org.mitre.oval:def:9699", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "name": "20090120 rPSA-2009-0011-1 perl", "refsource": 
"BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "filepath-rmtree-symlink(47044)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", "refsource": "MISC", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5303", "datePublished": "2008-12-01T17:00:00", "dateReserved": "2008-12-01T00:00:00", "dateUpdated": "2024-08-07T10:49:12.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-1487 (GCVE-0-2011-1487)
Vulnerability from cvelistv5
Published
2011-04-11 18:00
Modified
2024-08-06 22:28
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "FEDORA-2011-4610", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "name": "44168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44168" }, { "name": "43921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43921" }, { "name": "DSA-2265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2265" }, { "name": "FEDORA-2011-4631", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "name": "47124", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47124" }, { "name": "[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" 
], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "name": "MDVSA-2011:091", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "name": "perl-laundering-security-bypass(66528)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" }, { "name": "[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "FEDORA-2011-4610", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "name": "44168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44168" }, { "name": "43921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43921" }, { "name": "DSA-2265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2265" }, { "name": "FEDORA-2011-4631", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "name": "47124", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47124" }, { "name": "[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "name": "MDVSA-2011:091", "tags": [ "vendor-advisory", 
"x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "name": "perl-laundering-security-bypass(66528)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" }, { "name": "[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1487", "datePublished": "2011-04-11T18:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-1884 (GCVE-0-2009-1884)
Vulnerability from cvelistv5
Published
2009-08-19 17:00
Modified
2024-08-07 05:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36415" }, { "name": "FEDORA-2009-8888", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" }, { "name": "FEDORA-2009-8868", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "name": "36082", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36082" }, { "name": "36386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36386" }, { "name": "GLSA-200908-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "name": "compressrawbzip2-bzinflate-dos(52628)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or 
crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "36415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36415" }, { "name": "FEDORA-2009-8888", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" }, { "name": "FEDORA-2009-8868", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "name": "36082", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36082" }, { "name": "36386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36386" }, { "name": "GLSA-200908-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "name": "compressrawbzip2-bzinflate-dos(52628)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1884", "datePublished": "2009-08-19T17:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47100 (GCVE-0-2023-47100)
Vulnerability from cvelistv5
Published
2023-12-02 00:00
Modified
2025-06-30 16:17
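Severity: 9.8 CRITICAL (CVSS 3.1, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), as scored in the CISA-ADP container of the record below; the CNA container carries no score.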
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-47100", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-05-28T17:21:28.413159Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-755", "description": "CWE-755 Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-06-30T16:17:21.753Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-14T04:19:29.157Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" }, { "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47100", "datePublished": "2023-12-02T00:00:00.000Z", "dateReserved": "2023-10-30T00:00:00.000Z", "dateUpdated": "2025-06-30T16:17:21.753Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-18314 (GCVE-0-2018-18314)
Vulnerability from cvelistv5
Published
2018-12-07 21:00
Modified
2024-08-05 11:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "name": "https://rt.perl.org/Ticket/Display.html?id=131649", "refsource": "CONFIRM", "url": 
"https://rt.perl.org/Ticket/Display.html?id=131649" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18314", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2014-4330 (GCVE-0-2014-4330)
Vulnerability from cvelistv5
Published
2014-09-30 16:00
Modified
2024-08-06 11:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:12:34.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "name": "61441", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61441" }, { "name": "FEDORA-2014-11453", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "name": "MDVSA-2015:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "name": "70142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70142" }, { "name": "perl-cve20144330-dos(96216)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "name": "[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "name": "61961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61961" }, { "name": "[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q3/692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "name": "61441", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61441" }, { "name": "FEDORA-2014-11453", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "name": "MDVSA-2015:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "name": "70142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70142" }, { "name": "perl-cve20144330-dos(96216)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "name": "[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "name": "61961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61961" }, { "name": "[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q3/692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "name": "61441", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61441" }, { "name": "FEDORA-2014-11453", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "name": "MDVSA-2015:136", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "name": "https://metacpan.org/pod/distribution/Data-Dumper/Changes", "refsource": "CONFIRM", "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "name": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt", "refsource": "CONFIRM", "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "name": "70142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70142" }, { "name": "perl-cve20144330-dos(96216)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "name": "[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "USN-2916-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "name": "http://advisories.mageia.org/MGASA-2014-0406.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "name": "61961", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61961" }, { "name": "[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q3/692" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4330", "datePublished": "2014-09-30T16:00:00", "dateReserved": "2014-06-18T00:00:00", "dateUpdated": "2024-08-06T11:12:34.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-2381 (GCVE-0-2016-2381)
Vulnerability from cvelistv5
Published
2016-04-08 15:00
Modified
2024-08-05 23:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "DSA-3501", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "name": "[porters] 20160301 CVE-2016-2381: duplicate environment variables", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "83802", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83802" }, { "name": "openSUSE-SU-2016:0881", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "DSA-3501", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "name": "[porters] 20160301 CVE-2016-2381: duplicate environment variables", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "83802", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83802" }, { "name": "openSUSE-SU-2016:0881", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, 
{ "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "DSA-3501", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3501" }, { "name": "[porters] 20160301 CVE-2016-2381: duplicate environment variables", "refsource": "MLIST", "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "name": "USN-2916-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "83802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83802" }, { "name": "openSUSE-SU-2016:0881", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": 
"http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2381", "datePublished": "2016-04-08T15:00:00", "dateReserved": "2016-02-13T00:00:00", "dateUpdated": "2024-08-05T23:24:49.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12814 (GCVE-0-2017-12814)
Vulnerability from cvelistv5
Published
2017-09-27 17:00
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101051", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101051" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "101051", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101051" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "101051", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101051" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131665", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12814", "datePublished": "2017-09-27T17:00:00", "dateReserved": "2017-08-11T00:00:00", "dateUpdated": "2024-08-05T18:51:06.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47039 (GCVE-0-2023-47039)
Vulnerability from cvelistv5
Published
2024-01-02 05:30
Modified
2025-08-03 10:46
Severity ?
CWE
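- CWE-122 - Heap-based Buffer Overflow (the CWE assigned in the record; the summary and the record title describe a `cmd.exe` search-order binary hijack rather than a heap overflow, so do not rely on the CWE alone when triaging)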
Summary
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations.
References
Impacted products
Package: perl (https://github.com/Perl/perl5). Affected versions: 0 ≤ version < 5.34.3; 5.36.0 ≤ version < 5.36.3; 5.38.0 ≤ version < 5.38.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249525", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240208-0005/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47039", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-01-02T20:02:55.618221Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-06-17T20:29:05.501Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": "affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { 
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl:5.32/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00.000Z", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. 
By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-03T10:46:34.148Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249525", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." } ], "title": "Perl: perl for windows binary hijacking vulnerability", "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47039", "datePublished": "2024-01-02T05:30:53.168Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2025-08-03T10:46:34.148Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-12723 (GCVE-0-2020-12723)
Vulnerability from cvelistv5
Published
2020-06-05 14:20
Modified
2024-08-04 12:04
CWE
- n/a
Summary
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ 
"x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:21:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { 
"tags": [ "x_refsource_MISC" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202006-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "name": "https://security.netapp.com/advisory/ntap-20200611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "name": "https://github.com/Perl/perl5/issues/16947", "refsource": "MISC", "url": "https://github.com/Perl/perl5/issues/16947" }, { "name": "https://github.com/Perl/perl5/issues/17743", "refsource": "MISC", "url": "https://github.com/Perl/perl5/issues/17743" }, { "name": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12723", "datePublished": "2020-06-05T14:20:50", "dateReserved": "2020-05-08T00:00:00", "dateUpdated": "2024-08-04T12:04:22.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-3599 (GCVE-0-2011-3599)
Vulnerability from cvelistv5
Published
2011-10-10 10:00
Modified
2024-08-06 23:37
CWE
- n/a
Summary
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49928" }, { "name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "name": "76025", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/76025" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "name": "46275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-10-19T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49928" }, { "name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "name": "76025", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/76025" }, { "tags": [ "x_refsource_MISC" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "name": "46275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46275" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to 
spoof a signature, or determine the signing key of a signed message, via a brute-force attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49928" }, { "name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "name": "76025", "refsource": "OSVDB", "url": "http://osvdb.org/76025" }, { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=71421", "refsource": "MISC", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=743567", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "name": "46275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46275" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3599", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-18312 (GCVE-0-2018-18312)
Vulnerability from cvelistv5
Published
2018-12-05 22:00
Modified
2024-08-05 11:08
CWE
- n/a
Summary
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106179", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106179" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106179", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106179" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], 
"url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106179", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106179" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.28.1", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=133423", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" } 
] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18312", "datePublished": "2018-12-05T22:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-18311 (GCVE-0-2018-18311)
Vulnerability from cvelistv5
Published
2018-12-07 21:00
Modified
2024-08-05 11:08
CWE
- n/a
Summary
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "RHSA-2019:0109", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "name": "RHSA-2019:1942", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "name": "RHSA-2019:2400", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-2/" }, { 
"name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "RHSA-2019:0109", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "name": "RHSA-2019:1942", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "name": "RHSA-2019:2400", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18311", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "RHSA-2019:0109", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { 
"name": "RHSA-2019:1942", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "name": "RHSA-2019:2400", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.28.1", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "name": "https://rt.perl.org/Ticket/Display.html?id=133204", "refsource": "CONFIRM", "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "name": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "name": 
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18311", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-5195 (GCVE-0-2012-5195)
Vulnerability from cvelistv5
Published
2012-12-18 00:00
Modified
2024-08-06 20:58
CWE
- n/a
Summary
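Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. (Reviewer note: "15.15.5" is reproduced as published in the CVE record and is presumably a typo for 5.15.5; confirm the fixed version against the referenced perl5-porters announcement before using it for version matching.)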
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:58:03.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "DSA-2586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2586" }, { "name": "[oss-security] 20121026 Medium severity flaw with Perl 5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "name": "56287", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56287" }, { "name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5", 
"tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "DSA-2586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2586" }, { "name": "[oss-security] 20121026 Medium severity flaw with Perl 5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "name": "56287", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56287" }, { "name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, 
{ "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "name": "55314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "DSA-2586", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2586" }, { "name": "[oss-security] 20121026 Medium severity flaw with Perl 5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "name": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "name": "56287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56287" }, { "name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "name": "RHSA-2013:0685", "refsource": 
"REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "51457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51457" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5195", "datePublished": "2012-12-18T00:00:00", "dateReserved": "2012-09-28T00:00:00", "dateUpdated": "2024-08-06T20:58:03.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2022-48522 (GCVE-0-2022-48522)
Vulnerability from cvelistv5
Published
2023-08-22 00:00
Modified
2024-10-03 14:21
CWE
- n/a
Summary
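In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. (Reviewer note: the record names only 5.34.0 and its structured "affected" field is "n/a", so the affected range and any fixed release have to be confirmed from the references rather than from this entry.)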
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-48522", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T14:20:55.608211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T14:21:12.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T13:06:20.633841", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48522", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2023-07-23T00:00:00", "dateUpdated": "2024-10-03T14:21:12.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-6913 (GCVE-0-2018-6913)
Vulnerability from cvelistv5
Published
2018-04-17 20:00
Modified
2024-08-05 06:17
CWE
- n/a
Summary
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:17:17.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "103953", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103953" }, { "name": "[debian-lts-announce] 20180414 [SECURITY] [DLA 1345-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "103953", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103953" }, { "name": "[debian-lts-announce] 20180414 [SECURITY] [DLA 1345-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary 
code via a large item count." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "103953", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103953" }, { "name": "[debian-lts-announce] 20180414 [SECURITY] [DLA 1345-1] perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131844", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6913", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-11T00:00:00", "dateUpdated": "2024-08-05T06:17:17.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-18313 (GCVE-0-2018-18313)
Vulnerability from cvelistv5
Published
2018-12-07 21:00
Modified
2024-08-05 11:08
CWE
- n/a
Summary
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ 
"x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", 
"refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "name": "https://rt.perl.org/Ticket/Display.html?id=133192", "refsource": "CONFIRM", "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "name": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18313", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1238 (GCVE-0-2016-1238)
Vulnerability from cvelistv5
Published
2016-08-02 14:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array (@INC), which might allow local users to gain privileges via a Trojan horse module under the current working directory. The exposure arises when one of these scripts is run from a directory that another local user can write to, because an optional module that is not installed is then looked up in the current directory; Perl 5.26 and later no longer include . in @INC by default.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "GLSA-201812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201812-07" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "name": "1036440", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036440" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "name": "FEDORA-2016-6ec2009080", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "name": "FEDORA-2016-e9e5c081d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "FEDORA-2016-dd20a4631a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "name": "92136", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92136" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "name": "openSUSE-SU-2019:1831", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-25T00:00:00", "descriptions": [ { "lang": "en", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) 
dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T20:06:06", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "GLSA-201812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201812-07" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "name": "1036440", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036440" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "name": "FEDORA-2016-6ec2009080", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "name": 
"[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "name": "FEDORA-2016-e9e5c081d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "FEDORA-2016-dd20a4631a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "name": "92136", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92136" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "name": "openSUSE-SU-2019:1831", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) 
cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "GLSA-201812-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201812-07" }, { "name": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "name": "1036440", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036440" }, { "name": "DSA-3628", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E" }, { "name": 
"FEDORA-2016-6ec2009080", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "name": "FEDORA-2016-e9e5c081d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "FEDORA-2016-dd20a4631a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "name": "92136", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92136" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=127834", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "name": "openSUSE-SU-2019:1831", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1238", "datePublished": "2016-08-02T14:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2011-2201 (GCVE-0-2011-2201)
Vulnerability from cvelistv5
Published
2011-09-14 15:00
Modified
2024-08-06 22:53
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48167", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48167" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "name": "[oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "name": "FEDORA-2011-11680", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is 
enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-14T15:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48167", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48167" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "name": "[oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "name": "FEDORA-2011-11680", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2201", "datePublished": "2011-09-14T15:00:00Z", "dateReserved": 
"2011-05-31T00:00:00Z", "dateUpdated": "2024-08-06T22:53:17.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2021-36770 (GCVE-0-2021-36770)
Vulnerability from cvelistv5
Published
2021-08-11 22:49
Modified
2024-08-04 01:01
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:01:59.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "name": "FEDORA-2021-92e07de1dd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "name": "FEDORA-2021-44c65203cc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). 
This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-09T08:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "name": "FEDORA-2021-92e07de1dd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "name": "FEDORA-2021-44c65203cc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Encode.pm, as distributed in Perl through 
5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://metacpan.org/dist/Encode/changes", "refsource": "CONFIRM", "url": "https://metacpan.org/dist/Encode/changes" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2021-36770", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "name": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74", "refsource": "CONFIRM", "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "name": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "name": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/", "refsource": "CONFIRM", "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "name": "FEDORA-2021-92e07de1dd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "name": "FEDORA-2021-44c65203cc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "name": "https://security.netapp.com/advisory/ntap-20210909-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36770", "datePublished": "2021-08-11T22:49:04", "dateReserved": "2021-07-17T00:00:00", "dateUpdated": "2024-08-04T01:01:59.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2009-3626 (GCVE-0-2009-3626)
Vulnerability from cvelistv5
Published
2009-10-29 14:00
Modified
2024-08-07 06:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:28.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3023", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "name": "[oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "name": "59283", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/59283" }, { "name": "perl-utf8-expressions-dos(53939)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "name": "37144", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "name": "36812", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36812" }, { "name": "1023077", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023077" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-23T00:00:00", 
"descriptions": [ { "lang": "en", "value": "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2009-3023", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "name": "[oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "name": "59283", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/59283" }, { "name": "perl-utf8-expressions-dos(53939)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "name": "37144", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "name": "36812", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36812" }, { "name": "1023077", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023077" } ] } }, "cveMetadata": { "assignerOrgId": 
"53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3626", "datePublished": "2009-10-29T14:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:38:28.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2017-12883 (GCVE-0-2017-12883)
Vulnerability from cvelistv5
Published
2017-09-19 18:00
Modified
2024-08-05 18:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100852", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100852" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) 
via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100852", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100852" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12883", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the 
S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3982", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100852", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100852" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "name": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch", "refsource": "CONFIRM", "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131598", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "name": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1", "refsource": "CONFIRM", "url": 
"https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12883", "datePublished": "2017-09-19T18:00:00", "dateReserved": "2017-08-16T00:00:00", "dateUpdated": "2024-08-05T18:51:06.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-1246 (GCVE-0-2016-1246)
Vulnerability from cvelistv5
Published
2016-10-05 16:00
Modified
2024-08-05 22:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html", "refsource": "CONFIRM", "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-51" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1246", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8608 (GCVE-0-2015-8608)
Vulnerability from cvelistv5
Published
2017-02-07 15:00
Modified
2024-08-06 08:20
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8608", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=126755", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8608", "datePublished": "2017-02-07T15:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-06T08:20:43.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2005-3962 (GCVE-0-2005-3962)
Vulnerability from cvelistv5
Published
2005-12-01 17:00
Modified
2024-08-07 23:31
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "oval:org.mitre.oval:def:1074", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "name": "VU#948385", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "name": "22255", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22255" }, { "name": "17941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17941" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, { "name": "HPSBTU02125", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "name": "ADV-2005-2688", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "name": "21345", "tags": [ "vdb-entry", 
"x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21345" }, { "name": "15629", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15629" }, { "name": "RHSA-2005:881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "oval:org.mitre.oval:def:10598", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "name": "DSA-943", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-943" }, { "name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata37.html#perl" }, { "name": "17993", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17993" }, { "name": "18075", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18075" }, { "name": "FLSA-2006:176731", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" }, { "name": "CLSA-2006:1056", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "name": "OpenPKG-SA-2005.025", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { "name": "SSRT061105", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "ADV-2006-0771", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "name": "20060101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "name": "20894", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20894" }, { "name": "USN-222-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/222-1/" }, { "name": "ADV-2006-2613", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "name": "18413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18413" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "17762", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17762" }, { "name": "18187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18187" }, { "name": "TSLSA-2005-0070", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2005/0070" }, { "name": "18517", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18517" }, { "name": "18295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18295" }, { "name": "SUSE-SA:2005:071", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "name": "18183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18183" }, { "name": "RHSA-2005:880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "102192", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "name": "17952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17952" }, { "name": "MDKSA-2005:225", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "name": "GLSA-200512-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31208" }, { "name": "17802", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17802" }, { "name": "SUSE-SR:2005:029", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "name": "19041", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19041" }, { "name": "17844", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17844" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "oval:org.mitre.oval:def:1074", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "name": "VU#948385", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "name": "22255", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22255" }, { "name": "17941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17941" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, { "name": "HPSBTU02125", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "name": "ADV-2005-2688", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "name": "21345", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21345" }, { "name": "15629", "tags": [ "vdb-entry", "x_refsource_BID" ], 
"url": "http://www.securityfocus.com/bid/15629" }, { "name": "RHSA-2005:881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "oval:org.mitre.oval:def:10598", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "name": "DSA-943", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-943" }, { "name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata37.html#perl" }, { "name": "17993", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17993" }, { "name": "18075", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18075" }, { "name": "FLSA-2006:176731", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" }, { "name": "CLSA-2006:1056", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "name": "OpenPKG-SA-2005.025", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { "name": "SSRT061105", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "ADV-2006-0771", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "name": "20060101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "name": "20894", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20894" }, { "name": "USN-222-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/222-1/" }, { "name": "ADV-2006-2613", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "name": "18413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18413" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "17762", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17762" }, { "name": "18187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18187" }, { "name": "TSLSA-2005-0070", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2005/0070" }, { "name": "18517", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18517" }, { "name": "18295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18295" }, { "name": "SUSE-SA:2005:071", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "name": "18183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18183" }, { "name": "RHSA-2005:880", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "102192", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "name": "17952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17952" }, { "name": "MDKSA-2005:225", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "name": "GLSA-200512-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31208" }, { "name": "17802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17802" }, { "name": "SUSE-SR:2005:029", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "name": "19041", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19041" }, { "name": "17844", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17844" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-3962", "datePublished": "2005-12-01T17:00:00", "dateReserved": "2005-12-01T00:00:00", "dateUpdated": "2024-08-07T23:31:48.716Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-1667 (GCVE-0-2013-1667)
Vulnerability from cvelistv5
Published
2013-03-12 16:00
Modified
2024-08-06 15:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:13:31.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "[perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "name": "52472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52472" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "name": "52499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52499" }, { "name": "APPLE-SA-2013-10-22-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "name": "58311", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58311" }, { "name": "90892", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/90892" }, { "name": "perl-rehash-dos(82598)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { 
"name": "SSRT101274", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18771", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "name": "DSA-2641", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2641" }, { "name": "HPSBUX02928", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "name": "USN-1770-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption 
and crash) via a crafted hash key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "[perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "name": "52472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52472" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "name": "52499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52499" }, { "name": "APPLE-SA-2013-10-22-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "name": "58311", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58311" }, { "name": "90892", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/90892" }, { "name": "perl-rehash-dos(82598)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "name": "SSRT101274", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18771", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "name": "DSA-2641", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2641" }, { "name": "HPSBUX02928", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "name": "USN-1770-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1667", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "[perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "name": "52472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52472" }, { "name": "MDVSA-2013:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "name": "52499", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52499" }, { "name": "APPLE-SA-2013-10-22-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "name": "58311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58311" }, { "name": "90892", "refsource": "OSVDB", "url": "http://osvdb.org/90892" }, { "name": "perl-rehash-dos(82598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "name": "SSRT101274", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18771", "refsource": "OVAL", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "name": "DSA-2641", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2641" }, { "name": "HPSBUX02928", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "name": "USN-1770-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "name": "RHSA-2013:0685", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912276", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1667", "datePublished": "2013-03-12T16:00:00", "dateReserved": "2013-02-13T00:00:00", "dateUpdated": "2024-08-06T15:13:31.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-12015 (GCVE-0-2018-12015)
Vulnerability from cvelistv5
Published
2018-06-07 13:00
Modified
2024-08-05 08:24
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:24:03.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104423", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104423" }, { "name": "1041048", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041048" }, { "name": "DSA-4226", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "name": "USN-3684-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3684-1/" }, { "name": "USN-3684-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHSA-2019:2097", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/kb/HT209600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "104423", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104423" }, { "name": "1041048", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041048" }, { "name": "DSA-4226", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "name": "USN-3684-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3684-1/" }, { "name": "USN-3684-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHSA-2019:2097", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"https://access.redhat.com/errata/RHSA-2019:2097" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT209600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "104423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104423" }, { "name": "1041048", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041048" }, { "name": "DSA-4226", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4226" }, { "name": "USN-3684-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3684-1/" }, { "name": "USN-3684-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3684-2/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHSA-2019:2097", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "name": "https://security.netapp.com/advisory/ntap-20180927-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12015", "datePublished": "2018-06-07T13:00:00", "dateReserved": "2018-06-07T00:00:00", 
"dateUpdated": "2024-08-05T08:24:03.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31484 (GCVE-0-2023-31484)
Vulnerability from cvelistv5
Published
2023-04-28 00:00
Modified
2024-08-02 14:53
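Severity: not set by the CNA; the CISA-ADP container in the record below scores it 8.1 HIGH (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)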
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
References
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cpanpm_project:cpanpm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpanpm", "vendor": "cpanpm_project", "versions": [ { "lessThan": "2.35", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-31484", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T15:22:37.772694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-12T15:24:40.047Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:30.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "tags": [ "x_transferred" ], "url": "https://github.com/andk/cpanpm/pull/175" }, { "tags": [ "x_transferred" ], "url": "https://metacpan.org/dist/CPAN/changes" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], 
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "name": "FEDORA-2023-1e5af38524", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "name": "FEDORA-2023-46924e402a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:08:14.922685", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "url": "https://github.com/andk/cpanpm/pull/175" }, { "url": "https://metacpan.org/dist/CPAN/changes" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "name": "FEDORA-2023-1e5af38524", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "name": "FEDORA-2023-46924e402a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31484", "datePublished": "2023-04-28T00:00:00", "dateReserved": "2023-04-28T00:00:00", "dateUpdated": "2024-08-02T14:53:30.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-2827 (GCVE-0-2008-2827)
Vulnerability from cvelistv5
Published
2008-06-23 19:00
Modified
2024-08-07 09:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "FEDORA-2008-5739", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "name": "29902", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29902" }, { "name": "MDVSA-2008:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31687" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "name": "1020373", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020373" }, { "name": "30790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30790" }, { "name": "30837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30837" }, { "name": "perl-filepath-rmtree-symlink(43308)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2008-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "FEDORA-2008-5739", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "name": "29902", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29902" }, { "name": "MDVSA-2008:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31687" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "name": "1020373", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020373" }, { "name": "30790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30790" }, { "name": "30837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30837" }, { "name": 
"perl-filepath-rmtree-symlink(43308)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "FEDORA-2008-5739", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "name": "29902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29902" }, { "name": "MDVSA-2008:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "name": "http://rt.cpan.org/Public/Bug/Display.html?id=36982", "refsource": "MISC", "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "name": "1020373", "refsource": "SECTRACK", "url": 
"http://www.securitytracker.com/id?1020373" }, { "name": "30790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30790" }, { "name": "30837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30837" }, { "name": "perl-filepath-rmtree-symlink(43308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2827", "datePublished": "2008-06-23T19:00:00", "dateReserved": "2008-06-23T00:00:00", "dateUpdated": "2024-08-07T09:14:14.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-31486 (GCVE-0-2023-31486)
Vulnerability from cvelistv5
Published
2023-04-28 00:00
Modified
2025-01-30 19:26
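Severity 8.1 HIGH (CVSS 3.1, CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H; scored by CISA ADP, not by the CNA)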
VLAI Severity ?
EPSS score ?
CWE
- n/a in the CNA record; the CISA ADP enrichment assigns CWE-295 Improper Certificate Validation
Summary
HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-29T12:04:38.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "tags": [ "x_transferred" ], "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" }, { "tags": [ "x_transferred" ], "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/chansen/p5-http-tiny/pull/153" }, { "url": "https://security.netapp.com/advisory/ntap-20241129-0011/" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": 
"NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-31486", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2025-01-30T19:18:03.667792Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-01-30T19:26:26.203Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-20T00:00:00.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" }, { "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "url": "https://github.com/chansen/p5-http-tiny/pull/153" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31486", "datePublished": "2023-04-28T00:00:00.000Z", "dateReserved": "2023-04-28T00:00:00.000Z", "dateUpdated": "2025-01-30T19:26:26.203Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2020-10543 (GCVE-0-2020-10543)
Vulnerability from cvelistv5
Published
2020-06-05 13:17
Modified
2024-08-04 11:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:09.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, 
{ "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:20:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202006-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "name": "https://security.netapp.com/advisory/ntap-20200611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", 
"refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10543", "datePublished": "2020-06-05T13:17:49", "dateReserved": "2020-03-13T00:00:00", "dateUpdated": "2024-08-04T11:06:09.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1158 (GCVE-0-2010-1158)
Vulnerability from cvelistv5
Published
2010-04-20 15:00
Modified
2024-08-07 01:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55314" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perldoc.perl.org/perl5100delta.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-24T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55314" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perldoc.perl.org/perl5100delta.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1158", "datePublished": "2010-04-20T15:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:06.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2015-8853 (GCVE-0-2015-8853)
Vulnerability from cvelistv5
Published
2016-05-25 15:00
Modified
2024-08-06 08:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "86707", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/86707" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "FEDORA-2016-5a9313e4b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-01T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "tags": 
[ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "86707", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/86707" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "FEDORA-2016-5a9313e4b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": 
"GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=123562", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "86707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/86707" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "name": "USN-3625-1", 
"refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "FEDORA-2016-5a9313e4b4", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8853", "datePublished": "2016-05-25T15:00:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T08:29:22.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-1999-1386 (GCVE-0-1999-1386)
Vulnerability from cvelistv5
Published
2002-03-09 05:00
Modified
2024-08-01 17:11
CWE
- n/a
Summary
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:11:02.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "name": "perl-e-tmp-symlink(7243)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7243.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1998-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "name": "perl-e-tmp-symlink(7243)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7243.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl", "refsource": "CONFIRM", "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "name": "perl-e-tmp-symlink(7243)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7243.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1386", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:11:02.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2016-6185 (GCVE-0-2016-6185)
Vulnerability from cvelistv5
Published
2016-08-02 14:00
Modified
2024-08-06 01:22
CWE
- n/a
Summary
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2016-eb2592245b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "FEDORA-2016-485dff6060", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "name": "1036260", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036260" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "name": "91685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91685" }, { "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "name": "FEDORA-2016-742bde2be7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", 
"x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-01T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "FEDORA-2016-eb2592245b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "FEDORA-2016-485dff6060", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "name": "1036260", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036260" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "name": "91685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91685" }, { "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "name": "FEDORA-2016-742bde2be7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-6185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2016-eb2592245b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "FEDORA-2016-485dff6060", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "name": "1036260", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036260" }, { "name": "DSA-3628", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "name": "91685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91685" }, { "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "name": "FEDORA-2016-742bde2be7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", "refsource": "MLIST", "url": 
"http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=115808", "refsource": "CONFIRM", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-6185", "datePublished": "2016-08-02T14:00:00", "dateReserved": "2016-07-08T00:00:00", "dateUpdated": "2024-08-06T01:22:20.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-6797 (GCVE-0-2018-6797)
Vulnerability from cvelistv5
Published
2018-04-17 20:00
Modified
2024-08-05 06:10
CWE
- n/a
Summary
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:10:11.385Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1042004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1042004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1042004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1192", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=132227", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6797", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-08-05T06:10:11.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2023-47038 (GCVE-0-2023-47038)
Vulnerability from cvelistv5
Published
2023-12-18 13:43
Modified
2025-08-03 10:46
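Severity
7.0 HIGH (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H, from the CNA record below); Red Hat severity rating: Moderate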
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer.
References
Impacted products
Vendor | Product | Version
---|---|---
(none given) | perl | Version: 5.30.0 ≤ version < 5.34.3; Version: 5.36.0 ≤ version < 5.36.3; Version: 5.38.0 ≤ version < 5.38.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:34:17.016514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:34:37.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "5.30.0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": 
"affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "perl:5.32", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240314121426.9fe1d287", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.32.1-481.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00.000Z", "descriptions": [ { "lang": 
"en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-08-03T10:46:10.459Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." 
} ], "title": "Perl: write past buffer end via illegal user-defined unicode property", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47038", "datePublished": "2023-12-18T13:43:07.713Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2025-08-03T10:46:10.459Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2008-5302 (GCVE-0-2008-5302)
Vulnerability from cvelistv5
Published
2008-12-01 17:00
Modified
2024-08-07 10:49
CWE
- n/a
Summary
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32980" }, { "name": "perl-filepath-symlink(47043)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "name": "oval:org.mitre.oval:def:6890", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { 
"tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33314" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "oval:org.mitre.oval:def:11076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 and 2.07 
(lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32980" }, { "name": "perl-filepath-symlink(47043)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "name": "oval:org.mitre.oval:def:6890", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33314" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "oval:org.mitre.oval:def:11076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } 
} ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32980" }, { "name": "perl-filepath-symlink(47043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "name": "oval:org.mitre.oval:def:6890", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314" }, { "name": "20090120 rPSA-2009-0011-1 perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "oval:org.mitre.oval:def:11076", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", "refsource": "MISC", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5302", "datePublished": "2008-12-01T17:00:00", "dateReserved": 
"2008-12-01T00:00:00", "dateUpdated": "2024-08-07T10:49:12.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2025-40909 (GCVE-0-2025-40909)
Vulnerability from cvelistv5
Published
2025-05-30 12:20
Modified
2025-06-03 03:23
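Severity
5.9 (MEDIUM) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L (from the CISA ADP container in the record below)
CWE
- CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
- CWE-426: Untrusted Search Path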
Summary
Perl threads have a working directory race condition where file operations may target unintended paths.
If a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone that handle for the new thread. Because the working directory is shared by the whole process, that change is visible to any other (third or further) thread that is already running.
This may lead to unintended operations such as loading code or accessing files from unexpected locations, which a local attacker may be able to exploit.
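The bug was introduced in commit 11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6. The CVE record below marks versions from 5.13.6 up to, but not including, 5.41.13 as affected and links the fixing patch in its references.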
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2025-06-03T03:23:21.080Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "url": "http://www.openwall.com/lists/oss-security/2025/05/23/1" }, { "url": "http://www.openwall.com/lists/oss-security/2025/05/30/4" }, { "url": "http://www.openwall.com/lists/oss-security/2025/06/02/2" }, { "url": "http://www.openwall.com/lists/oss-security/2025/06/02/5" }, { "url": "http://www.openwall.com/lists/oss-security/2025/06/02/6" }, { "url": "http://www.openwall.com/lists/oss-security/2025/06/02/7" }, { "url": "http://www.openwall.com/lists/oss-security/2025/06/03/1" } ], "title": "CVE Program Container" }, { "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2025-40909", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2025-05-30T14:05:00.839656Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2025-05-30T14:09:50.842Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "perl", "product": "perl", "programRoutines": [ { "name": "threads" } ], "repo": "https://github.com/perl/perl5", "vendor": "perl", "versions": [ { "lessThan": "5.41.13", "status": "affected", "version": "5.13.6", "versionType": "custom" } ] } ], "credits": [ { "lang": "en", "type": "finder", "value": "Vincent Lefevre" } ], "descriptions": [ { 
"lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Perl threads have a working directory race condition where file operations may target unintended paths.\u003cbr\u003e\u003cbr\u003eIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u0026nbsp;that handle for the new thread, which is visible from any third (or\u0026nbsp;more) thread already running. \u003cbr\u003e\u003cbr\u003eThis may lead to unintended operations\u0026nbsp;such as loading code or accessing files from unexpected locations,\u0026nbsp;which a local attacker may be able to exploit.\u003cbr\u003e\u003cbr\u003eThe bug was introduced in commit\u0026nbsp;11a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6" } ], "value": "Perl threads have a working directory race condition where file operations may target unintended paths.\n\nIf a directory handle is open at thread creation, the process-wide current working directory is temporarily changed in order to clone\u00a0that handle for the new thread, which is visible from any third (or\u00a0more) thread already running. 
\n\nThis may lead to unintended operations\u00a0such as loading code or accessing files from unexpected locations,\u00a0which a local attacker may be able to exploit.\n\nThe bug was introduced in commit\u00a011a11ecf4bea72b17d250cfb43c897be1341861e and released in Perl version 5.13.6" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-426", "description": "CWE-426 Untrusted Search Path", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2025-05-30T12:20:11.237Z", "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec" }, "references": [ { "tags": [ "patch" ], "url": "https://github.com/Perl/perl5/commit/918bfff86ca8d6d4e4ec5b30994451e0bd74aba9.patch" }, { "tags": [ "mailing-list", "exploit" ], "url": "https://www.openwall.com/lists/oss-security/2025/05/22/2" }, { "tags": [ "issue-tracking" ], "url": "https://github.com/Perl/perl5/issues/23010" }, { "tags": [ "related" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1098226" }, { "tags": [ "related" ], "url": "https://github.com/Perl/perl5/issues/10387" }, { "tags": [ "related" ], "url": "https://perldoc.perl.org/5.14.0/perl5136delta#Directory-handles-not-copied-to-threads" }, { "tags": [ "related" ], "url": "https://github.com/Perl/perl5/commit/11a11ecf4bea72b17d250cfb43c897be1341861e" } ], "solutions": [ { "lang": "en", "supportingMedia": [ { "base64": false, "type": "text/html", "value": "Update perl to an unaffected version, or apply the patch provided in the references section." } ], "value": "Update perl to an unaffected version, or apply the patch provided in the references section." 
} ], "source": { "discovery": "UNKNOWN" }, "title": "Perl threads have a working directory race condition where file operations may target unintended paths", "x_generator": { "engine": "Vulnogram 0.2.0" } } }, "cveMetadata": { "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "assignerShortName": "CPANSec", "cveId": "CVE-2025-40909", "datePublished": "2025-05-30T12:20:11.237Z", "dateReserved": "2025-04-16T09:05:34.360Z", "dateUpdated": "2025-06-03T03:23:21.080Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2010-1168 (GCVE-0-2010-1168)
Vulnerability from cvelistv5
Published
2010-06-21 16:00
Modified
2024-08-07 01:14
Severity ?
CWE
- n/a
Summary
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "name": "42402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42402" }, { "name": "oval:org.mitre.oval:def:9807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "name": "1024062", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024062" }, { "name": "RHSA-2010:0457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "name": "oval:org.mitre.oval:def:7424", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "name": "40049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40049" }, { "name": "ADV-2010-3075", "tags": [ "vdb-entry", "x_refsource_VUPEN", 
"x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": 
"MDVSA-2010:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "name": "42402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42402" }, { "name": "oval:org.mitre.oval:def:9807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "name": "1024062", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024062" }, { "name": "RHSA-2010:0457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "name": "oval:org.mitre.oval:def:7424", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "name": "40049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40049" }, { "name": "ADV-2010-3075", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "[oss-security] 20100520 
CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1168", "datePublished": "2010-06-21T16:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:06.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Vulnerability from fkie_nvd
Published
2012-12-21 05:46
Modified
2025-04-11 00:51
Severity ?
Summary
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html | ||
secalert@redhat.com | http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77 | ||
secalert@redhat.com | http://secunia.com/advisories/46172 | Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/bid/49858 | ||
secalert@redhat.com | https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=742987 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46172 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49858 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=742987 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | 1.00 | |
perl | perl | 1.01 | |
perl | perl | 1.20 | |
perl | perl | 1.21 | |
perl | perl | 1.22 | |
perl | perl | 1.31 | |
perl | perl | 1.32 | |
perl | perl | 1.40 | |
perl | perl | 1.41 | |
perl | perl | 1.42 | |
perl | perl | 1.43 | |
perl | perl | 1.44 | |
perl | perl | 1.45 | |
perl | perl | 1.46 | |
perl | perl | 1.47 | |
perl | perl | 1.48 | |
perl | perl | 1.49 | |
perl | perl | 2.0.0 | |
perl | perl | 2.1.0 | |
perl | perl | 2.1.1 | |
perl | perl | 2.1.2 | |
perl | perl | 2.1.3 | |
perl | perl | 2.2.0 | |
perl | perl | 2.2.1 | |
perl | perl | 2.2.2 | |
perl | perl | 2.3.0 | |
perl | perl | 2.4.0 | |
perl | perl | 2.5.0 | |
perl | perl | 2.5.1 | |
perl | perl | 2.6.0 | |
perl | perl | 2.6.1 | |
perl | perl | 2.6.2 | |
perl | perl | 2.6.3 | |
perl | perl | 2.6.4 | |
perl | perl | 2.6.5 | |
perl | perl | 2.6.6 | |
perl | perl | 2.7.0 | |
perl | perl | 2.7.1 | |
perl | perl | 2.7.2 | |
perl | perl | 2.8.0 | |
perl | perl | 2.8.1 | |
perl | perl | 2.8.2 | |
perl | perl | 2.8.3 | |
perl | perl | 2.8.4 | |
perl | perl | 2.8.5 | |
perl | perl | 2.8.6 | |
perl | perl | 2.8.7 | |
perl | perl | 2.8.8 | |
perl | perl | 2.9.0 | |
perl | perl | 2.9.1 | |
perl | perl | 2.9.2 | |
perl | perl | 2.10.0 | |
perl | perl | 2.10.1 | |
perl | perl | 2.10.2 | |
perl | perl | 2.10.3 | |
perl | perl | 2.10.4 | |
perl | perl | 2.10.5 | |
perl | perl | 2.10.6 | |
perl | perl | 2.10.7 | |
perl | perl | 2.11.0 | |
perl | perl | 2.11.1 | |
perl | perl | 2.11.2 | |
perl | perl | 2.11.3 | |
perl | perl | 2.11.4 | |
perl | perl | 2.11.5 | |
perl | perl | 2.11.6 | |
perl | perl | 2.11.7 | |
perl | perl | 2.11.8 | |
perl | perl | 2.12.0 | |
perl | perl | 2.13.0 | |
perl | perl | 2.14.0 | |
perl | perl | 2.14.1 | |
perl | perl | 2.15.0 | |
perl | perl | 2.15.1 | |
perl | perl | 2.16.0 | |
perl | perl | 2.16.1 | |
perl | perl | 2.17.0 | |
perl | perl | 2.17.1 | |
perl | perl | 2.17.2 | |
perl | perl | 2.18.0 | |
perl | perl | 2.18.1 | |
perl | perl | 5.6.0 | |
perl | perl | 5.6.1 | |
perl | perl | 5.8.0 | |
perl | perl | 5.8.1 | |
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.10 | |
perl | perl | 5.9.2 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9313BD13-82CE-4632-80E8-48B3A1159CDE", "versionEndIncluding": "5.14.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "2DA44592-DC6D-4FB7-AC1D-A300643922C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "5EBE0151-85BA-449C-880F-E23D8C446D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "83F3ED90-9586-41DB-9B83-C6B05C605213", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0DB562AC-B665-4F2B-B004-9E848ACC7C20", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "8305CB5A-A64A-4F11-B912-B2E428513E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "367FF98C-12FF-4CEC-9870-6356FAD3C523", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "191EDFB5-F9AB-4A8B-BFC7-9BB7BCE7AAFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "A253AEB7-A581-4E1F-9410-E056390C0BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "2696ACCA-47FC-4D25-8A08-17F7CD640040", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "50F9F981-903A-48F8-ACD9-48308E639261", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "99E7410D-A498-49FB-818E-309BDBDB7A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "85BE0085-3E86-4A39-8AE4-76ED06D2534B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "2614B8FD-F7A5-4C70-AE1E-2255FCAB1154", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:perl:perl:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "58387159-A167-4032-9F3F-B517EF2185F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "CB414CE9-5EFA-45F7-BB0B-B8B3893444DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "93FBE9FB-99AC-4800-BB1F-4F0689E0A07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "EFB83944-0183-4DDB-B20E-0C8A7646A07F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "80151ACD-28DC-4383-9B7E-F2B759299341", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C15294D-F2AC-4E81-A612-14A31510449D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF2EE2D3-A942-4CAE-8F14-213BB6CBD62A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05630C5E-263A-4974-81A0-2DC178B9708C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B372AF6-29BB-4DAA-B3DA-3F8AE7BBC5BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17CD4D0-DFE5-4C01-BEEA-891C865E18AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EEB7512-D7E2-4F24-B96F-4FFE9E650262", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "307F457C-4015-4857-ADB8-637BC53DEB54", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B645F9A1-44FB-4504-BF6C-2810EE841025", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E91B29C4-3709-473E-8F69-69D77ECEB221", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "FB3068F9-9A65-4DC4-88C2-19C8E1807CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADDA896A-8EA8-4924-A648-6001F83F8AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "91611ED9-FFDE-42B2-8E02-5B089A34DB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "638055BA-CB01-404E-B9CD-D9EEB284ACE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "54F33281-2EA9-49EF-A074-E0AE93D4DC72", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EA4A6E5-F1A0-42E8-BB49-E06497DA582B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "085763C4-D71A-47AF-B64C-829E6EC8E6D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9805F52C-B9F4-4531-A478-C3FA03D1EA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "1183DBED-4EF7-4942-9400-D57BC0C63773", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FCE3D75-98D9-4D95-9EB9-F33E37CC047B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "58228B5F-7FA1-42B5-BC4A-A5F6535E2C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7D4C885-1FDB-479C-9626-B006E1C84E0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6574874E-EE2A-43B0-9D4B-9106C46BF8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "62A4C415-6408-4A7E-A1C9-8A327B0DEA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B35E250-F525-4EF5-9DBD-D80D68E5C00E", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "79388C94-3306-4FD2-880E-56D42830B822", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E181D243-AFF0-41E3-A969-3DC67E81E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D445C68D-BFB8-4BAB-B995-FADF7CA5DF2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D8982A13-3F5E-4B52-932C-00BD7CEA7625", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0518BBC-BE6F-4949-A39B-1BE1FFA9442D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F66A1-E3C6-4D89-B3E3-AF46CC98BB00", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8090363F-1850-4095-A212-0A554EA37A3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26FA77D7-CE3B-4ED2-8117-E6CC1BA39B36", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4687A27-D41C-489D-AA95-E6999ABB696D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C03AD0EA-BFB8-480D-9B9C-6D6BD0DABDB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "59BADDB6-D48A-4DC0-A758-902F0EBC51CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D12770F8-8729-4712-9023-64CB2B374BCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A7FD104-1DE9-4A2A-AB2B-CD4AD9E70A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "A33D85D8-AA73-4120-9DB0-85B9E0BC14F1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "079B9B47-194A-4047-AFEB-ABAD9CA5E53E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "98034760-4DF2-4D7B-92D8-02EDCF56E618", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "7EB7B211-AFE1-4D1A-B46F-86394981D5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "930C1B45-2ABE-42DD-8D10-B375ED796F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5811AB6-ED08-40C9-A0CD-77793A495E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "82185F66-9E19-4C56-8E77-5C153275A542", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E51FAC0-BEF4-4839-B3C0-CCC9ED015582", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "D902DF16-5F3A-485E-9409-BC47A4E46014", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FA7E4-B406-4587-86A7-F560FE64A3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "77C35F36-AD3C-418C-ACED-486FF06EFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "B28DF2CD-1BEC-4F5E-AD30-7F84E58DF223", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "3960D793-C3C8-40FC-83B2-710ED2F5D658", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DDE4919-FA8A-485B-9F0E-BD015B1D4D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC022C7A-35DD-445D-B9D3-6024CF28610E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D408D9-B90D-495A-BC09-E322FBE78E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9D00E45-E017-43AB-AAF9-9B4721CD8E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB7238-FD06-4872-A736-9D988A0433E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "676C7999-B586-40E0-83E8-EB09E3F107C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "31B80A50-5766-4ED7-9254-5CDDB74C7C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAF88AD1-AECE-4227-AE63-EA3E279238C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ED441D3-6D17-4F8E-AF0E-27D813B2C68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "22CAAB68-FD86-49DB-8DA7-F16FC3F6B878", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DF19BA4-1BF5-4F1E-BE6C-318B581D1EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE9535-B8AB-4DC8-A012-405FDEF88CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "51143CE7-A953-4174-B043-5D7AC7CD9391", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBDE0711-1423-4E75-A902-1DA04DC8C352", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD62DA82-0EB3-4ACA-ACC8-A1E63C031D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4932278D-A661-42D9-AA36-4233B174EF0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B358BF3-55AC-477E-A4B5-3960C449C011", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent 
attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference." }, { "lang": "es", "value": "La funci\u00f3n bsd_glob en el m\u00f3dulo de archivo ::Glob para Perl antes de v5.14.2 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una expresi\u00f3n regular dada con la bandera GLOB_ALTDIRFUNC, lo que desencadena una desreferencia de puntero no inicializado." } ], "id": "CVE-2011-2728", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-21T05:46:14.527", "references": [ { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "source": "secalert@redhat.com", "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46172" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49858" }, { "source": "secalert@redhat.com", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "source": "secalert@redhat.com", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=742987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2021-08-11 23:15
Modified
2024-11-21 06:14
Severity: 7.8 HIGH (CVSS 3.1 base score, source nvd@nist.gov); CVSS 2.0 base score 6.8 MEDIUM
Summary
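Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value. In the NVD configuration for this record, the component marked vulnerable is Encode (p5-encode) from 3.05 up to, but not including, 3.12; Perl through 5.34.0 appears only as the platform it runs on, so the installed Encode version is what to check.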
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/ | ||
cve@mitre.org | https://metacpan.org/dist/Encode/changes | Third Party Advisory | |
cve@mitre.org | https://news.cpanel.com/unscheduled-tsr-10-august-2021/ | Third Party Advisory | |
cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2021-36770 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20210909-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/dist/Encode/changes | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://news.cpanel.com/unscheduled-tsr-10-august-2021/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2021-36770 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20210909-0003/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
p5-encode_project | p5-encode | * | |
perl | perl | * | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 33 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:p5-encode_project:p5-encode:*:*:*:*:*:*:*:*", "matchCriteriaId": "1789B3F3-F9D3-4521-8279-02D87A3CBBBB", "versionEndExcluding": "3.12", "versionStartIncluding": "3.05", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "5420C786-37DA-4247-96B1-1E4DCA0D452C", "versionEndIncluding": "5.34.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value." }, { "lang": "es", "value": "Encode.pm, distribuido en Perl versiones hasta 5.34.0, permite a usuarios locales alcanzar privilegios por medio de una biblioteca Encode::ConfigLocal (en el directorio de trabajo actual) que se adelanta a una carga din\u00e1mica de m\u00f3dulos. Una explotaci\u00f3n requiere una configuraci\u00f3n inusual, y determinadas versiones 2021 de Encode.pm (3.05 hasta 3.11). 
Este problema ocurre porque el operador || eval\u00faa @INC en un contexto escalar, y por lo tanto @INC s\u00f3lo tiene un valor entero" } ], "id": "CVE-2021-36770", "lastModified": "2024-11-21T06:14:03.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:07.707", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://security.netapp.com/advisory/ntap-20210909-0003/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-08-22 19:16
Modified
2024-11-21 07:33
Severity: 9.8 CRITICAL (CVSS 3.1 base score, source nvd@nist.gov)
Summary
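In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation. NVD classifies the weakness as CWE-787 (out-of-bounds write); the references listed for this record are a pointer into sv.c and a NetApp advisory, with no fix commit among them.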
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 | Exploit | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20230915-0008/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20230915-0008/ |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.34.0:-:*:*:*:*:*:*", "matchCriteriaId": "ED202CAF-C081-41FF-948C-84A9ECADCE2A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation." }, { "lang": "es", "value": "En Perl 5.34.0, la funci\u00f3n S_find_uninit_var en sv.c tiene un bloqueo basado en pila que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo o a la escalada de privilegios locales." } ], "id": "CVE-2022-48522", "lastModified": "2024-11-21T07:33:29.637", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-22T19:16:31.153", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
1999-12-31 05:00
Modified
2025-04-03 01:03
Severity ?
Summary
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://marc.info/?l=bugtraq&m=88932165406213&w=2 | Exploit, Mailing List | |
cve@mitre.org | http://www.iss.net/security_center/static/7243.php | Broken Link | |
cve@mitre.org | http://www.redhat.com/support/errata/rh50-errata-general.html#perl | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=88932165406213&w=2 | Exploit, Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.iss.net/security_center/static/7243.php | Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/rh50-errata-general.html#perl | Broken Link |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "356EEFF0-DC56-4E12-B7B1-DB28784FF3B1", "versionEndIncluding": "5.004_04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." } ], "id": "CVE-1999-1386", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "1999-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/7243.php" }, { "source": "cve@mitre.org", "tags": [ "Broken 
Link" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/7243.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-04-24 05:05
Modified
2025-04-09 00:30
Severity ?
Summary
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | ||
cve@mitre.org | http://osvdb.org/44588 | ||
cve@mitre.org | http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 | ||
cve@mitre.org | http://secunia.com/advisories/29948 | ||
cve@mitre.org | http://secunia.com/advisories/30025 | ||
cve@mitre.org | http://secunia.com/advisories/30326 | ||
cve@mitre.org | http://secunia.com/advisories/30624 | ||
cve@mitre.org | http://secunia.com/advisories/31208 | ||
cve@mitre.org | http://secunia.com/advisories/31328 | ||
cve@mitre.org | http://secunia.com/advisories/31467 | ||
cve@mitre.org | http://secunia.com/advisories/31604 | ||
cve@mitre.org | http://secunia.com/advisories/31687 | ||
cve@mitre.org | http://secunia.com/advisories/33314 | ||
cve@mitre.org | http://secunia.com/advisories/33937 | ||
cve@mitre.org | http://support.apple.com/kb/HT3438 | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm | ||
cve@mitre.org | http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm | ||
cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0011 | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1556 | ||
cve@mitre.org | http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml | ||
cve@mitre.org | http://www.ipcop.org/index.php?name=News&file=article&sid=41 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:100 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0522.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2008-0532.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/500210/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/28928 | ||
cve@mitre.org | http://www.securitytracker.com/id?1020253 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-700-1 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-700-2 | ||
cve@mitre.org | http://www.vmware.com/security/advisories/VMSA-2008-0013.html | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2265/references | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2361 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2008/2424 | ||
cve@mitre.org | http://www.vupen.com/english/advisories/2009/0422 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/41996 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/44588 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/29948 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30025 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30326 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30624 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31208 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31328 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31467 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31604 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31687 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33937 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT3438 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0011 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1556 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ipcop.org/index.php?name=News&file=article&sid=41 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:100 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0522.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2008-0532.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/500210/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/28928 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020253 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-700-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-700-2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vmware.com/security/advisories/VMSA-2008-0013.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2265/references | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2361 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2008/2424 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/0422 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/41996 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems." }, { "lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en Perl 5.8.8 permite a los atacantes, dependiendo del contexto, causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) a trav\u00e9s de expresiones regulares manipuladas conteniendo caracteres UTF8. NOTE: esta caracter\u00edstica solo est\u00e1 presente en ciertos sistemas operativos." } ], "id": "CVE-2008-1927", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-24T05:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "cve@mitre.org", 
"url": "http://osvdb.org/44588" }, { "source": "cve@mitre.org", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29948" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30025" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30326" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30624" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31208" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31328" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31467" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31604" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33937" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3438" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1556" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "source": "cve@mitre.org", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28928" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020253" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2265/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://secunia.com/advisories/29948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2265/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-08-02 14:59
Modified
2025-04-12 10:46
Severity ?
Summary
(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.
References
▶ | URL | Tags | |
---|---|---|---|
security@debian.org | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html | Third Party Advisory | |
security@debian.org | http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab | Issue Tracking | |
security@debian.org | http://www.debian.org/security/2016/dsa-3628 | Third Party Advisory | |
security@debian.org | http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html | Third Party Advisory | |
security@debian.org | http://www.securityfocus.com/bid/92136 | Third Party Advisory, VDB Entry | |
security@debian.org | http://www.securitytracker.com/id/1036440 | Third Party Advisory, VDB Entry | |
security@debian.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
security@debian.org | https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E | ||
security@debian.org | https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html | Mailing List, Third Party Advisory | |
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ | ||
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ | ||
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ | ||
security@debian.org | https://rt.perl.org/Public/Bug/Display.html?id=127834 | Permissions Required | |
security@debian.org | https://security.gentoo.org/glsa/201701-75 | Third Party Advisory | |
security@debian.org | https://security.gentoo.org/glsa/201812-07 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3628 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/92136 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036440 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=127834 | Permissions Required | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-75 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201812-07 | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 23 | |
fedoraproject | fedora | 24 | |
perl | perl | 1.0.15 | |
perl | perl | 1.0.16 | |
perl | perl | 5.000 | |
perl | perl | 5.000o | |
perl | perl | 5.001 | |
perl | perl | 5.001n | |
perl | perl | 5.002 | |
perl | perl | 5.002_01 | |
perl | perl | 5.003 | |
perl | perl | 5.003_01 | |
perl | perl | 5.003_02 | |
perl | perl | 5.003_03 | |
perl | perl | 5.003_04 | |
perl | perl | 5.003_05 | |
perl | perl | 5.003_07 | |
perl | perl | 5.003_08 | |
perl | perl | 5.003_09 | |
perl | perl | 5.003_10 | |
perl | perl | 5.003_11 | |
perl | perl | 5.003_12 | |
perl | perl | 5.003_13 | |
perl | perl | 5.003_14 | |
perl | perl | 5.003_15 | |
perl | perl | 5.003_16 | |
perl | perl | 5.003_17 | |
perl | perl | 5.003_18 | |
perl | perl | 5.003_19 | |
perl | perl | 5.003_20 | |
perl | perl | 5.003_21 | |
perl | perl | 5.003_22 | |
perl | perl | 5.003_23 | |
perl | perl | 5.003_24 | |
perl | perl | 5.003_25 | |
perl | perl | 5.003_26 | |
perl | perl | 5.003_27 | |
perl | perl | 5.003_28 | |
perl | perl | 5.003_90 | |
perl | perl | 5.003_91 | |
perl | perl | 5.003_92 | |
perl | perl | 5.003_93 | |
perl | perl | 5.003_94 | |
perl | perl | 5.003_95 | |
perl | perl | 5.003_96 | |
perl | perl | 5.003_97 | |
perl | perl | 5.003_97a | |
perl | perl | 5.003_97b | |
perl | perl | 5.003_97c | |
perl | perl | 5.003_97d | |
perl | perl | 5.003_97e | |
perl | perl | 5.003_97f | |
perl | perl | 5.003_97g | |
perl | perl | 5.003_97h | |
perl | perl | 5.003_97i | |
perl | perl | 5.003_97j | |
perl | perl | 5.003_98 | |
perl | perl | 5.003_99 | |
perl | perl | 5.003_99a | |
perl | perl | 5.004 | |
perl | perl | 5.004_01 | |
perl | perl | 5.004_02 | |
perl | perl | 5.004_03 | |
perl | perl | 5.004_04 | |
perl | perl | 5.004_05 | |
perl | perl | 5.005 | |
perl | perl | 5.005_01 | |
perl | perl | 5.005_02 | |
perl | perl | 5.005_03 | |
perl | perl | 5.005_04 | |
perl | perl | 5.6 | |
perl | perl | 5.6.0 | |
perl | perl | 5.6.1 | |
perl | perl | 5.6.2 | |
perl | perl | 5.7.3 | |
perl | perl | 5.8 | |
perl | perl | 5.8.0 | |
perl | perl | 5.8.1 | |
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.9 | |
perl | perl | 5.9.0 | |
perl | perl | 5.9.1 | |
perl | perl | 5.9.2 | |
perl | perl | 5.9.3 | |
perl | perl | 5.9.4 | |
perl | perl | 5.9.5 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.4 | |
perl | perl | 5.12.4 | |
perl | perl | 5.12.4 | |
perl | perl | 5.12.5 | |
perl | perl | 5.12.5 | |
perl | perl | 5.12.5 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.3 | |
perl | perl | 5.14.3 | |
perl | perl | 5.14.3 | |
perl | perl | 5.14.4 | |
perl | perl | 5.14.4 | |
perl | perl | 5.14.4 | |
perl | perl | 5.15.0 | |
perl | perl | 5.15.1 | |
perl | perl | 5.15.2 | |
perl | perl | 5.15.3 | |
perl | perl | 5.15.4 | |
perl | perl | 5.15.5 | |
perl | perl | 5.15.6 | |
perl | perl | 5.15.7 | |
perl | perl | 5.15.8 | |
perl | perl | 5.15.9 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.1 | |
perl | perl | 5.16.2 | |
perl | perl | 5.16.3 | |
perl | perl | 5.16.3 | |
perl | perl | 5.17.0 | |
perl | perl | 5.17.1 | |
perl | perl | 5.17.2 | |
perl | perl | 5.17.3 | |
perl | perl | 5.17.4 | |
perl | perl | 5.17.5 | |
perl | perl | 5.17.6 | |
perl | perl | 5.17.7 | |
perl | perl | 5.17.7.0 | |
perl | perl | 5.17.8 | |
perl | perl | 5.17.9 | |
perl | perl | 5.17.10 | |
perl | perl | 5.17.11 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.1 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.3 | |
perl | perl | 5.18.3 | |
perl | perl | 5.18.3 | |
perl | perl | 5.18.4 | |
perl | perl | 5.19.0 | |
perl | perl | 5.19.1 | |
perl | perl | 5.19.2 | |
perl | perl | 5.19.3 | |
perl | perl | 5.19.4 | |
perl | perl | 5.19.5 | |
perl | perl | 5.19.6 | |
perl | perl | 5.19.7 | |
perl | perl | 5.19.8 | |
perl | perl | 5.19.9 | |
perl | perl | 5.19.10 | |
perl | perl | 5.19.11 | |
perl | perl | 5.20.0 | |
perl | perl | 5.20.0 | |
perl | perl | 5.20.1 | |
perl | perl | 5.20.1 | |
perl | perl | 5.20.1 | |
perl | perl | 5.20.2 | |
perl | perl | 5.20.2 | |
perl | perl | 5.20.3 | |
perl | perl | 5.20.3 | |
perl | perl | 5.20.3 | |
perl | perl | 5.21.0 | |
perl | perl | 5.21.1 | |
perl | perl | 5.21.2 | |
perl | perl | 5.21.3 | |
perl | perl | 5.21.4 | |
perl | perl | 5.21.5 | |
perl | perl | 5.21.6 | |
perl | perl | 5.21.7 | |
perl | perl | 5.21.8 | |
perl | perl | 5.21.9 | |
perl | perl | 5.21.10 | |
perl | perl | 5.21.11 | |
perl | perl | 5.22.0 | |
perl | perl | 5.22.0 | |
perl | perl | 5.22.0 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.2 | |
perl | perl | 5.22.2 | |
perl | perl | 5.22.3 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.1 | |
opensuse | leap | 15.0 | |
apache | spamassassin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "BF593285-9ECF-4F81-8D0E-7048E5297A5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "68E7AF92-F791-4F27-A996-1C688E27EB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.000:*:*:*:*:*:*:*", "matchCriteriaId": "33BD16F3-90F9-44FA-913F-3E8832EE7FEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.000o:*:*:*:*:*:*:*", "matchCriteriaId": "9A9A905C-3DF9-4EB6-B93A-F7DFED63E2E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.001:*:*:*:*:*:*:*", "matchCriteriaId": "6A0F4D87-B780-4672-93B5-739E365E2155", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.001n:*:*:*:*:*:*:*", "matchCriteriaId": "AD2C9916-353B-4958-AF80-5477DB26F015", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.002:*:*:*:*:*:*:*", "matchCriteriaId": "C2C74D41-BC84-43C2-9C6B-0C11A61EDC1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.002_01:*:*:*:*:*:*:*", "matchCriteriaId": "4F56CD3C-542A-4441-AF33-65C084F219C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003:*:*:*:*:*:*:*", "matchCriteriaId": "7E0C7A76-FEDA-4AC4-BFAD-01015DAE751D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_01:*:*:*:*:*:*:*", "matchCriteriaId": "8950DFB0-64BF-4E4A-929F-8165A88F8C77", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_02:*:*:*:*:*:*:*", "matchCriteriaId": "C63F4167-E4D2-4633-8CDA-4E2A86E66AF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_03:*:*:*:*:*:*:*", "matchCriteriaId": "85F31F8A-5682-45D6-8E0C-E7F312F59F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_04:*:*:*:*:*:*:*", "matchCriteriaId": "D4EE1C93-D2C6-4F53-9862-C29E93C6D80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_05:*:*:*:*:*:*:*", "matchCriteriaId": "E59A0DBD-B135-41A1-92C1-EABA0157839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_07:*:*:*:*:*:*:*", "matchCriteriaId": "CB2932C3-0F88-46A4-8822-78CD5F1EBB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_08:*:*:*:*:*:*:*", "matchCriteriaId": "F760289E-C86E-4AC6-A4EC-DB25A141C99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_09:*:*:*:*:*:*:*", "matchCriteriaId": "2F43A336-EDE0-445B-827F-E9544FC77552", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_10:*:*:*:*:*:*:*", "matchCriteriaId": "7749C19E-DC46-4F0B-A866-B292FA74B29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_11:*:*:*:*:*:*:*", "matchCriteriaId": "E92CC85B-B58C-48F8-9E6C-4EF2053AC276", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_12:*:*:*:*:*:*:*", "matchCriteriaId": "818A195C-E450-4BA5-9557-A65285D79ADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_13:*:*:*:*:*:*:*", "matchCriteriaId": "82FEB582-2504-4E7E-A5C6-E0B6A4CC16D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_14:*:*:*:*:*:*:*", "matchCriteriaId": "8CAC694B-E397-4C15-BDBC-3D897761A9D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_15:*:*:*:*:*:*:*", "matchCriteriaId": "0039A8F5-063D-49D6-8820-6948BB50C923", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_16:*:*:*:*:*:*:*", "matchCriteriaId": "E233E9D3-B462-4DF6-B46A-7D92DF37D6D1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_17:*:*:*:*:*:*:*", "matchCriteriaId": "C5F09857-DC25-40F3-9D40-1699AED6ABBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_18:*:*:*:*:*:*:*", "matchCriteriaId": "F786345C-81BB-4BA4-B84A-0AB99E92B104", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_19:*:*:*:*:*:*:*", "matchCriteriaId": "B8E22076-8DA3-40B7-BD3B-ACFBFAE79B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_20:*:*:*:*:*:*:*", "matchCriteriaId": "E81E679F-803B-4AFB-947A-5DB6FE40A099", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_21:*:*:*:*:*:*:*", "matchCriteriaId": "C1FDE206-0648-4758-AFBF-E1E062875485", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_22:*:*:*:*:*:*:*", "matchCriteriaId": "061B1DE8-E39E-4B87-AAB3-076CC0086913", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_23:*:*:*:*:*:*:*", "matchCriteriaId": "49A046AB-FBF7-4F69-BDA5-A38ACF7A5822", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_24:*:*:*:*:*:*:*", "matchCriteriaId": "1FFEB7B3-2A2A-40BC-9EA9-0E18E62BBDFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_25:*:*:*:*:*:*:*", "matchCriteriaId": "F81F635C-AF53-4515-8D38-0A738A0FD16E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_26:*:*:*:*:*:*:*", "matchCriteriaId": "90FCFD46-17FC-4550-8608-4FBE7A450922", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_27:*:*:*:*:*:*:*", "matchCriteriaId": "3343A0BC-D62F-4FC5-A5BC-4FF155A566E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_28:*:*:*:*:*:*:*", "matchCriteriaId": "B0440F0B-154D-48CE-84CB-0751F2CC9EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_90:*:*:*:*:*:*:*", "matchCriteriaId": "0539B3F5-A216-4B9A-8229-752519135153", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_91:*:*:*:*:*:*:*", "matchCriteriaId": "2CCD591B-2C36-4EED-8CC2-F7B30C786CD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_92:*:*:*:*:*:*:*", "matchCriteriaId": "DC8B22C0-B8DA-496E-B615-EA8482FC04A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_93:*:*:*:*:*:*:*", "matchCriteriaId": "B9215B20-2133-4992-928A-9EBD734A12A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_94:*:*:*:*:*:*:*", "matchCriteriaId": "27E6BE18-F346-46DF-B84C-ED5CFDC5ABE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_95:*:*:*:*:*:*:*", "matchCriteriaId": "F19F55A5-AAC9-4F7D-83F0-C91F98F6DEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_96:*:*:*:*:*:*:*", "matchCriteriaId": "5166BC2D-E3CC-4FA9-91C3-D97948003044", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97:*:*:*:*:*:*:*", "matchCriteriaId": "C89A4BB0-4C93-40A5-87CC-84C6338DF398", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97a:*:*:*:*:*:*:*", "matchCriteriaId": "07A1FD7E-6805-4F78-B15E-955D58FBC9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97b:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D805C-D3EC-4A9E-BD80-D448A719BFAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97c:*:*:*:*:*:*:*", "matchCriteriaId": "9E7EB8B6-0AB4-481F-8720-C6DB61EACB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97d:*:*:*:*:*:*:*", "matchCriteriaId": "918B183C-AEAD-477D-871D-2582271D940A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97e:*:*:*:*:*:*:*", "matchCriteriaId": "6B63EC1F-3311-44DD-8CCA-4D04C0F53E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97f:*:*:*:*:*:*:*", "matchCriteriaId": "7DABDF1C-7793-4716-A7E8-895354874AC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97g:*:*:*:*:*:*:*", "matchCriteriaId": "07D18688-D419-40FA-BBD6-C3DE46F5093C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97h:*:*:*:*:*:*:*", "matchCriteriaId": "5CE475CA-40C1-4851-A157-57BC56626B86", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_97i:*:*:*:*:*:*:*", "matchCriteriaId": "580002B3-C356-45DA-8C60-B5DFACED6DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97j:*:*:*:*:*:*:*", "matchCriteriaId": "132AB295-0768-4927-AD64-1BB962BF406E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_98:*:*:*:*:*:*:*", "matchCriteriaId": "58C6E5A0-45FD-4ECF-94A5-593C27051E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_99:*:*:*:*:*:*:*", "matchCriteriaId": "75B905E8-76E7-45C8-B761-BD608C5465DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_99a:*:*:*:*:*:*:*", "matchCriteriaId": "7666AD83-03A2-42D8-8D39-6377D0AB1A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004:*:*:*:*:*:*:*", "matchCriteriaId": "47B622FF-B240-48AE-898C-5EB0F612563F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_01:*:*:*:*:*:*:*", "matchCriteriaId": "6B9678C4-63EF-4717-A1C2-439A6726914B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_02:*:*:*:*:*:*:*", "matchCriteriaId": "5807630D-4939-49D1-886D-9B5B35BDE131", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_03:*:*:*:*:*:*:*", "matchCriteriaId": "A10B1AFC-4BB0-432D-89F7-0EB1E74C99FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_04:*:*:*:*:*:*:*", "matchCriteriaId": "13D67525-0514-4ED9-ACC7-D807225A6F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_05:*:*:*:*:*:*:*", "matchCriteriaId": "B34949C7-F77A-4EC3-A757-21B7A2A44116", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005:*:*:*:*:*:*:*", "matchCriteriaId": "1628FEAE-D96C-47C9-BF90-72506D8B9E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005_01:*:*:*:*:*:*:*", "matchCriteriaId": "35728909-A140-4531-AEF6-3A11722B4648", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005_02:*:*:*:*:*:*:*", "matchCriteriaId": "F05D8B69-C077-41B0-8E1B-5DE25C5974DC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.005_03:*:*:*:*:*:*:*", "matchCriteriaId": "5B5FF9A9-5E08-47F5-81C3-94522DA40187", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005_04:*:*:*:*:*:*:*", "matchCriteriaId": "2FA7EA98-01E5-40A9-B8A4-7768E96B46D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "B3579E04-215F-4B7D-BC6B-5AA7F98715AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBDE0711-1423-4E75-A902-1DA04DC8C352", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD62DA82-0EB3-4ACA-ACC8-A1E63C031D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "66F27F6D-ED2A-42C4-96A0-2F6536D9DA22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B476B28F-8F98-4794-A915-C47AB0C2A857", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "0EEC7CCD-459E-41CF-B819-696AB6C9BB39", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4932278D-A661-42D9-AA36-4233B174EF0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "2AFF98CD-FAF3-4016-BF69-FBCAACF570B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DF54207-7CF6-4204-9AA2-C705865797A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4D37C95-2AB2-4827-A106-16D93ED21BBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "60C1DB87-F7F4-4D1D-9182-5922BAC7E55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "074987BF-A9E8-44BE-B9B8-C58C53A41EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "EB5CFBA1-E202-4AF9-A26D-D66830C070B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "2BCC9FF2-71D7-4873-AE3C-432EFBE642BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "E044E615-78CC-49BD-87D6-06710D857AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A1D2576-41C9-433A-B483-BE11A2E08B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "EFC45A04-5E81-4938-A247-A31E826FDABA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "74DDAB7D-1344-4C2E-B39D-05D2B9770333", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "B8197E63-97EE-471C-B6A8-F2FFA9841515", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "18CB92C4-A966-48F6-8B52-355A39A86F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9F8228A7-A933-470A-A72F-14B7F15C20EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4D8DBCF-CB0C-4E5C-8CE0-F43A4769463C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "72589C2C-9ACC-4A48-8CCA-FD5410A51FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "47B99644-442E-457D-A934-521E82F5DA22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "7EE0482C-9845-4CEA-9E22-E74B6A44537D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "A4B961F2-346B-4459-8363-B3C7CA6F17D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"02575484-8DC7-4B4D-8CA0-2766A47CFC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A3CE102-2E66-4720-A1E6-7C937245BF15", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FE375DE-45CF-4867-BCA8-2655CA5CE06F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "189AEAEA-5853-4597-BF3C-82B2942CD62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "D385CF65-BE9E-4269-A558-D67C037F3662", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED8BF0A6-90DE-4B43-9D5B-52D1E2FDDC16", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "94D93987-6891-4003-9FDA-5E0E31E6CDB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "3935C006-C2D5-4568-BCA7-C949E2DF6DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "3EDE7322-68A5-4924-9612-B1D3B72809FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5044A2-8BE6-4319-B042-B64B5FACE926", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "99D451CD-5278-4501-A0D2-1419A9ACB619", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E2B2BDE6-597D-4C7F-AE7F-3D7A64813336", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE4A28C-360F-4527-B596-7467FF10579F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.3:*:*:*:*:*:*:*", "matchCriteriaId": "45C4E830-5173-41C4-8E06-D17F0BDA8774", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "1857347B-E3A5-41BA-B6CB-1D9C2AA27BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D119DB-B1C8-406E-8E2E-5BAC3BC61206", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FA9232E-21A1-43E8-8BFB-031A2904331F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "CB99136F-4B16-4C3C-84FE-8A49DC545694", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0D9FB9B-1CEE-4360-B92C-7CE69160CF70", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "532B5841-0249-4EDE-AA52-292150DEC0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "E84E6D66-D4EC-47DF-9C80-5D1F41545ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB61BB5A-BE61-4BB6-9CF1-48947C780F15", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.7:*:*:*:*:*:*:*", "matchCriteriaId": "8240432C-DBFB-4977-8562-3F225BA745A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "596EA807-1994-4282-80EF-47F7C784327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.8:*:*:*:*:*:*:*", "matchCriteriaId": "910E6121-7D96-492D-8E23-A6C87E463C65", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7F6649D-36EF-4F8C-A831-1A03854ECF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.10:*:*:*:*:*:*:*", "matchCriteriaId": "255CF66E-6FAA-4723-82DC-389449904ED7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.17.11:*:*:*:*:*:*:*", "matchCriteriaId": "F1D6FC93-97C7-4B17-81CF-CCDAA4C6AE9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "41488C64-89AF-47DE-9B7E-E0CE4E417E69", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2685AEF2-D96C-4571-A4D3-B95496D1ECD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "83066A81-9B80-478D-BAA2-614655272226", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "6819B0BE-16FA-4FFD-8EBB-43725162C4FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "C103F31D-1C0D-49A3-9639-E294BFCCC070", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "B398B96D-0C50-4FCE-9819-BC599ECB2208", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "092191BC-4135-4437-84CF-F2E8C3FC1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D731DA65-C2C1-4954-92CB-B0DD9042E247", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "7DB4CB39-5A63-4D97-A5C3-CF61F7E171A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "EF7EB508-710C-4064-9C94-3558C4AB43FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "42DF1C61-82E5-4D84-A027-1CFDB4F9DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "C09081B7-56AC-4D30-BC39-5FC5503DAB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "40A7771E-C770-4494-9DB2-15E7F8D15C47", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.18.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "D4C89268-1858-4F09-AF4E-5BB2CB8794CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "277580B4-8F5E-43A3-A9A9-46D2D3E30BBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "C745ED42-1290-4AF4-9A64-1D681DE392DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "17CAEB2B-2F87-43CF-AA6D-DED035CF340C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CAE1166-C49F-47D2-9235-0BC6CCC92FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D8E733A-F9AA-4A17-89E4-F3F25732A198", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "17AA261B-1CBD-4052-923C-3964B53EB740", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B664952-4144-4D7A-B841-949ED6BE7397", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "87F7FEDE-D7F4-4B73-A7A7-D65F1AFFEC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C1FF482-9D80-4695-936E-0AAB3CB37072", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.9:*:*:*:*:*:*:*", "matchCriteriaId": "3FD3F63E-9A8F-4A6C-90BA-8C9D7ADE7B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.10:*:*:*:*:*:*:*", "matchCriteriaId": "4D2BDD85-7ABB-4E73-B2BD-F3796DF137F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.11:*:*:*:*:*:*:*", "matchCriteriaId": "1F82F7EA-48CE-4EDC-8C91-B1E1CA9CF213", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "069761F3-ADA6-4F9A-A42D-9CBFCA3329C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CD42D433-7822-4697-BE03-2867134DF70B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F67D144-A456-4A54-899A-77B15A2D6B17", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1B6F92DD-B408-4826-9407-80E157B12839", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "63892648-AC91-41FE-8258-83FBE6BEC019", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "971901BB-B633-4F51-9E36-BBA997278DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "E5D07F59-CCBB-4372-ABFB-8C6E3509FC52", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C0993E1-AF16-4D43-ACF1-7A1D8C1914FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "88D6873B-B718-4BA3-875F-AF2247D1DECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "3EDCDB3E-4710-4FFD-AF24-FE3F06B75ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "99267332-20F0-416B-8F01-ED45280BD2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F7AE652-51F8-4C37-B7CE-04A82202A723", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8F82B8B-1B85-4742-8ACE-5B46DD59A39F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A0B035B-B17C-4A1E-ADF1-1F90F65120C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B28B883C-BB67-4775-B17A-2A01E0468350", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "917BF173-034B-4085-AB67-10EA9B770E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "94C06A0B-5A3A-48B5-8E39-42F5C9CEF193", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "6F242F60-5267-4B30-90E7-BAE119AE0B00", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.8:*:*:*:*:*:*:*", "matchCriteriaId": "185BCB23-EC77-41CD-A75D-25B2A351A72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.9:*:*:*:*:*:*:*", "matchCriteriaId": "38513AFB-DB85-44C2-93CC-199A2759ACA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.10:*:*:*:*:*:*:*", "matchCriteriaId": "51F325D8-6BAC-4CDE-A6A7-9DE8E7F8E6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.11:*:*:*:*:*:*:*", "matchCriteriaId": "E146059C-714F-4DF5-A9DA-A9672F7BA1FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "88FABC18-1DEB-4732-9E0C-B0F3DE4EEAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E09087D-3852-426A-A5E1-0081DFC17F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DE19639C-2939-45E6-9977-930E1D68E1A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8E31817-A94D-48DE-A81E-2417AF5FA775", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F0DC1981-0997-4B3E-9058-611F7D0789C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "C6131602-C488-4932-8FE1-0CCA24E9F917", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "46A8B43D-4177-4258-A2EC-DE7AEA366B31", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "81991993-3AFC-4462-8707-1B5CD796B500", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6F2E723-9520-4BAC-BD22-58D8042965A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "BA0E5830-4D61-43A9-AC9C-14338553EF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F4192D6D-5466-47B5-9733-02F95CE0AAE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "D972BFFE-84F9-47D0-B8F2-E1817DA8732D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D504C3E-EEEA-4023-89C3-FCEC0B763E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "19D5E676-9653-4B39-9C51-3A249724EF06", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "300C59DD-95F7-49B9-833D-3463F6F98701", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "7EB29593-0EEB-4F28-8293-6D1CC0A99887", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "CB12C8AF-9C04-4581-895E-D684C759F657", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "3C7CC6EC-E04C-47E3-B350-7171A7B7CD0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6", "versionEndExcluding": 
"3.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory." 
}, { "lang": "es", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL y (25) utils/splain.PL en Perl 5.x en versiones anteriores a 5.22.3-RC2 y 5.24 en versiones anteriores a 5.24.1 1-RC2 no elimina adecuadamente caracteres . (period) del final de la matriz de directorio incluida, lo que podr\u00eda permitir a usuarios locales obtener privilegios a trav\u00e9s de un m\u00f3dulo Troyano bajo el directorio de trabajo actual." 
} ], "id": "CVE-2016-1238", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-02T14:59:00.130", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" }, { "source": "security@debian.org", "tags": [ "Issue Tracking" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92136" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securitytracker.com/id/1036440" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "security@debian.org", "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "source": "security@debian.org", "tags": [ "Permissions Required" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201812-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "https://security.gentoo.org/glsa/201812-07" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-07 21:29
Modified
2024-11-21 03:55
Severity ?
Summary
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Mar/49 | Third Party Advisory | |
cve@mitre.org | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1646738 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
cve@mitre.org | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Ticket/Display.html?id=133192 | Exploit, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Mar/42 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190221-0003/ | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT209600 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3834-2/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Mar/49 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1646738 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Ticket/Display.html?id=133192 | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Mar/42 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190221-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT209600 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3834-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 | |
netapp | e-series_santricity_os_controller | * | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdrive | - | |
apple | mac_os_x | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena la divulgaci\u00f3n de informaci\u00f3n sensible de la memoria del proceso." 
} ], "id": "CVE-2018-18313", "lastModified": "2024-11-21T03:55:41.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-07T21:29:00.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2024-01-02 06:15
Modified
2024-11-21 08:29
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for `cmd.exe` in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations. Note that the NVD record below classifies this as CWE-122 and CWE-787 and gives a CPE range ending before 5.32.1, while the description is of a search-order problem and the linked perldelta is the one for 5.38.2, so confirm the fixed version against the Perl advisory rather than the CPE range alone.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-47039 | Third Party Advisory | |
secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | Mailing List, Patch | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2249525 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-47039 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2249525 | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240208-0005/ |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "941F7B31-C194-4B93-AA3E-4F84C0DB4AF5", "versionEndExcluding": "5.32.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Perl. Este problema de seguridad ocurre mientras Perl para Windows depende de la variable de entorno de ruta del sistema para encontrar el shell (`cmd.exe`). Cuando se ejecuta un ejecutable que utiliza el int\u00e9rprete de Windows Perl, Perl intenta buscar y ejecutar `cmd.exe` dentro del sistema operativo. Sin embargo, debido a problemas con el orden de b\u00fasqueda de rutas, Perl inicialmente busca cmd.exe en el directorio de trabajo actual. Esta falla permite que un atacante con privilegios limitados coloque `cmd.exe` en ubicaciones con permisos d\u00e9biles, como `C:\\ProgramData`. 
Al hacerlo, se puede ejecutar c\u00f3digo arbitrario cuando un administrador intenta utilizar este ejecutable desde estas ubicaciones comprometidas." } ], "id": "CVE-2023-47039", "lastModified": "2024-11-21T08:29:39.083", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-02T06:15:13.737", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240208-0005/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-17 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/103953 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1040681 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=131844 | Vendor Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3625-2/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4172 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/103953 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040681 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=131844 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4172 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7440C4F0-6C9A-402A-B5F4-197245762A7B", "versionEndExcluding": "5.26.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n pack de Perl, en versiones anteriores a la 5.26.2, permite que atacantes dependientes del contexto ejecuten c\u00f3digo arbitrario mediante un conteo de items largo." 
} ], "id": "CVE-2018-6913", "lastModified": "2024-11-21T04:11:24.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T20:29:00.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103953" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], 
"url": "https://usn.ubuntu.com/3625-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-05 14:15
Modified
2024-11-21 04:56
Severity ?
Summary
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202006-03 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200611-0001/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-03 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200611-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.1 | |
netapp | oncommand_workflow_automation | - | |
netapp | snap_creator_framework | - | |
oracle | communications_billing_and_revenue_management | 12.0.0.2.0 | |
oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
oracle | communications_diameter_signaling_router | * | |
oracle | communications_eagle_application_processor | * | |
oracle | communications_eagle_lnp_application_processor | 10.1 | |
oracle | communications_eagle_lnp_application_processor | 10.2 | |
oracle | communications_eagle_lnp_application_processor | 46.7 | |
oracle | communications_eagle_lnp_application_processor | 46.8 | |
oracle | communications_eagle_lnp_application_processor | 46.9 | |
oracle | communications_lsms | * | |
oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
oracle | communications_performance_intelligence_center | * | |
oracle | communications_performance_intelligence_center | * | |
oracle | communications_pricing_design_center | 12.0.0.3.0 | |
oracle | configuration_manager | 12.1.2.0.8 | |
oracle | enterprise_manager_base_platform | 13.4.0.0 | |
oracle | sd-wan_aware | 8.2 | |
oracle | sd-wan_aware | 9.0 | |
oracle | sd-wan_aware | 9.1 | |
oracle | tekelec_platform_distribution | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744", "versionEndExcluding": "5.30.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512", "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B003D11-398F-486C-941D-698FB5BE5BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "D13834B9-C48B-4C72-A27B-F9A8ACB50098", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." }, { "lang": "es", "value": "Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situaci\u00f3n \"PL_regkind[OP(n)] == NOTHING\". 
Una expresi\u00f3n regular dise\u00f1ada podr\u00eda conllevar a un bytecode malformado con la posibilidad de inyecci\u00f3n de instrucciones" } ], "id": "CVE-2020-10878", "lastModified": "2024-11-21T04:56:16.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-05T14:15:10.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third 
Party Advisory" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party 
Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-10-29 14:30
Modified
2025-04-09 00:30
Severity ?
Summary
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 | Patch | |
secalert@redhat.com | http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 | ||
secalert@redhat.com | http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ | ||
secalert@redhat.com | http://secunia.com/advisories/37144 | Vendor Advisory | |
secalert@redhat.com | http://securitytracker.com/id?1023077 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2009/10/23/8 | ||
secalert@redhat.com | http://www.osvdb.org/59283 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/36812 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2009/3023 | Patch, Vendor Advisory | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/53939 | ||
secalert@redhat.com | https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/37144 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1023077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2009/10/23/8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/59283 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36812 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2009/3023 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/53939 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match." }, { "lang": "es", "value": "Perl v5.10.1 permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (caida de aplicaci\u00f3n) a trav\u00e9s de un car\u00e1cter UTF-8 con un codepoint largo invalido, lo que no es adecuadamente gestionado cuando se produce una coincidencia de expresiones regulares." } ], "id": "CVE-2009-3626", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-29T14:30:01.170", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "source": "secalert@redhat.com", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "source": "secalert@redhat.com", "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/37144" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023077" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/59283" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/36812" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/59283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2009-10-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-01 17:30
Modified
2025-04-09 00:30
Severity ?
Summary
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 | Exploit | |
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 | Exploit | |
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
cve@mitre.org | http://secunia.com/advisories/32980 | ||
cve@mitre.org | http://secunia.com/advisories/33314 | ||
cve@mitre.org | http://secunia.com/advisories/40052 | ||
cve@mitre.org | http://support.apple.com/kb/HT4077 | ||
cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0011 | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1678 | ||
cve@mitre.org | http://www.gossamer-threads.com/lists/perl/porters/233695#233695 | Exploit | |
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2008/11/28/2 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2010-0458.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/500210/100/0/threaded | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-700-1 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-700-2 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/47043 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32980 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40052 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0011 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1678 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gossamer-threads.com/lists/perl/porters/233695#233695 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/11/28/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0458.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/500210/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-700-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-700-2 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/47043 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": false }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*", "matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:file\\:\\:path:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "768FC916-07E3-4D66-B1B7-C36B40B64F35", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions." }, { "lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuarios locales crear binarios setuid arbitrarios a trav\u00e9s de un ataque por enlace simb\u00f3lico. Se trata de una vulnerabilidad diferente que CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: Esto es un error de regresi\u00f3n relacionado con CVE-2005-0448. Es diferente de CVE-2008-5303 por las versiones afectadas." 
} ], "id": "CVE-2008-5302", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-01T17:30:01.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40052" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4077" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/33314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via 
https://rhn.redhat.com/errata/RHSA-2010-0458.html.\n", "lastModified": "2010-06-07T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2016-2381
Vulnerability from fkie_nvd
Published
2016-04-08 15:59
Modified
2025-04-12 10:46
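Severity
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
5.0 (Medium) - AV:N/AC:L/Au:N/C:N/I:P/A:N (CVSS 2.0)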
Summary
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
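References
Rows whose source is af854a3a-2127-422b-91ae-364da2661108 (the ADP provider with shortName "CVE") repeat the cve@mitre.org references with the same URLs and tags; count each URL once.
Source | URL | Tags | |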
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html | Mailing List, Third Party Advisory | |
cve@mitre.org | http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 | Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2016/dsa-3501 | Third Party Advisory | |
cve@mitre.org | http://www.gossamer-threads.com/lists/perl/porters/326387 | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Third Party Advisory | |
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/83802 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.ubuntu.com/usn/USN-2916-1 | Third Party Advisory | |
cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201701-75 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3501 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gossamer-threads.com/lists/perl/porters/326387 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/83802 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2916-1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-75 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * (before 5.23.9) | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
oracle | communications_billing_and_revenue_management | 7.5 | |
oracle | configuration_manager | * (before 12.1.2.0.4) | |
oracle | configuration_manager | 12.1.2.0.6 | |
oracle | database_server | 11.2.0.4 | |
oracle | database_server | 12.1.0.2 | |
oracle | database_server | 12.2.0.1 | |
oracle | database_server | 18c | |
oracle | database_server | 19c | |
oracle | enterprise_manager_base_platform | 13.2.0.0.0 | |
oracle | enterprise_manager_base_platform | 13.3.0.0.0 | |
oracle | timesten_in-memory_database | * (before 18.1.2.1.0) | |
oracle | solaris | 11.3 | |
opensuse | opensuse | 13.2 | |
canonical | ubuntu_linux | 12.04 (ESM) | |
canonical | ubuntu_linux | 14.04 (ESM) | |
canonical | ubuntu_linux | 15.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA7A9701-8475-4AD0-A669-0B61883E0081", "versionEndExcluding": "5.23.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AF5D151-5CD2-4C36-939F-829FA976EA6E", "versionEndExcluding": "12.1.2.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "655DB795-DD05-4A47-AE82-85EEF7AD1DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1E11A25-C7CE-49DF-99CA-352FD21B8230", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C614BA7-7103-4ED7-ADD0-56064FE256A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*", "matchCriteriaId": "6833701E-5510-4180-9523-9CFD318DEE6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", "matchCriteriaId": "B2204841-585F-40C7-A1D9-C34E612808CA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "matchCriteriaId": "F06877B6-A08F-4305-874E-6CD691B88D12", "versionEndExcluding": "18.1.2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp." }, { "lang": "es", "value": "Perl podr\u00eda permitir a atacantes dependientes de contexto eludir los mecanismos de protecci\u00f3n taint en un proceso hijo a trav\u00e9s de variables de entorno duplicadas en envp." 
} ], "id": "CVE-2016-2381", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-08T15:59:05.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/83802" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/83802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-47100
Vulnerability from fkie_nvd
Published
2023-12-02 23:15
Modified
2025-06-30 17:15
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 | ||
cve@mitre.org | https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 | ||
cve@mitre.org | https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3 | Patch |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "14B8DD8C-B79A-41F6-B743-6D319ACD6741", "versionEndExcluding": "5.38.2", "versionStartIncluding": "5.30.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0." }, { "lang": "es", "value": "En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcci\u00f3n de expresi\u00f3n regular \\p{...} est\u00e1 mal manejado. La primera versi\u00f3n afectada es la 5.30.0." } ], "id": "CVE-2023-47100", "lastModified": "2025-06-30T17:15:30.870", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-12-02T23:15:07.187", 
"references": [ { "source": "cve@mitre.org", "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" }, { "source": "cve@mitre.org", "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2013-03-14 03:13
Modified
2025-04-11 00:51
Severity ?
Summary
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=137891988921058&w=2 | ||
cve@mitre.org | http://marc.info/?l=bugtraq&m=137891988921058&w=2 | ||
cve@mitre.org | http://osvdb.org/90892 | ||
cve@mitre.org | http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5 | ||
cve@mitre.org | http://perl5.git.perl.org/perl.git/commitdiff/9d83adc | ||
cve@mitre.org | http://perl5.git.perl.org/perl.git/commitdiff/d59e31f | ||
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-0685.html | ||
cve@mitre.org | http://secunia.com/advisories/52472 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/52499 | Vendor Advisory | |
cve@mitre.org | http://www.debian.org/security/2013/dsa-2641 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | ||
cve@mitre.org | http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/58311 | ||
cve@mitre.org | http://www.ubuntu.com/usn/USN-1770-1 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=912276 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/82598 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771 | ||
cve@mitre.org | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=137891988921058&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=bugtraq&m=137891988921058&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/90892 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/9d83adc | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/d59e31f | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0685.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52472 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/52499 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2013/dsa-2641 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/58311 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1770-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=912276 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/82598 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.10 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 (rc1) | |
perl | perl | 5.10.0 (rc2) | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 (rc1) | |
perl | perl | 5.10.1 (rc2) | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 (rc0) | |
perl | perl | 5.12.0 (rc1) | |
perl | perl | 5.12.0 (rc2) | |
perl | perl | 5.12.0 (rc3) | |
perl | perl | 5.12.0 (rc4) | |
perl | perl | 5.12.0 (rc5) | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 (rc1) | |
perl | perl | 5.12.1 (rc2) | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 (rc1) | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 (rc1) | |
perl | perl | 5.12.3 (rc2) | |
perl | perl | 5.12.3 (rc3) | |
perl | perl | 5.12.4 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.3 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.1 | |
perl | perl | 5.16.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B358BF3-55AC-477E-A4B5-3960C449C011", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE4A28C-360F-4527-B596-7467FF10579F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key." }, { "lang": "es", "value": "El mecanismo de rehash en Perl v5.8.2 a trav\u00e9s v5.16.x permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda) mediante una tecla de almohadilla dise\u00f1ada." 
} ], "id": "CVE-2013-1667", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-14T03:13:36.873", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/90892" }, { "source": "cve@mitre.org", "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "source": "cve@mitre.org", "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "source": "cve@mitre.org", "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52472" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52499" }, { 
"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2641" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/58311" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/90892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-19 18:29
Modified
2025-04-20 01:37
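Severity (NVD, from the record below): CVSS 3.0 base score 9.1 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H); CVSS 2.0 base score 6.4 MEDIUM (AV:N/AC:L/Au:N/C:P/I:N/A:P)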
Summary
Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch | Patch, Third Party Advisory | |
cve@mitre.org | http://www.debian.org/security/2017/dsa-3982 | ||
cve@mitre.org | http://www.securityfocus.com/bid/100852 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1492093 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1 | Patch, Vendor Advisory | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=131598 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20180426-0001/ | ||
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3982 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100852 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1492093 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=131598 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180426-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape." }, { "lang": "es", "value": "Un Desbordamiento de b\u00fafer en la funci\u00f3n S_grok_bslash_N en el archivo regcomp.c en Perl versi\u00f3n 5 anterior a 5.24.3-RC1 y versi\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos divulgar informaci\u00f3n confidencial o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de una expresi\u00f3n creada con un escape \u0027\\N{U+...}\u0027 inv\u00e1lido." 
} ], "id": "CVE-2017-12883", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-19T18:29:00.197", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100852" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "cve@mitre.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-17 20:29
Modified
2024-11-21 04:11
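Severity (NVD, from the record below): CVSS 3.0 base score 9.8 CRITICAL (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H); CVSS 2.0 base score 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P)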
Summary
An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securitytracker.com/id/1040681 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1042004 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:1192 | Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=132227 | Patch, Vendor Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4172 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040681 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042004 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1192 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=132227 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4172 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server | 7.3 | |
redhat | enterprise_linux_server | 7.4 | |
redhat | enterprise_linux_server | 7.5 | |
redhat | enterprise_linux_server | 7.6 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC823E6-D243-4B29-99D9-5301FA579891", "versionEndIncluding": "5.26", "versionStartIncluding": "5.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB520389-84EE-477C-A9C8-74721592A320", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "24D3235A-DB42-4868-90D9-712C3B3693AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": 
true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written." }, { "lang": "es", "value": "Se ha descubierto un problema en Perl 5.26. Una expresi\u00f3n regular manipulada puede provocar un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), con control sobre los bytes que se escriben." } ], "id": "CVE-2018-6797", "lastModified": "2024-11-21T04:11:13.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T20:29:00.520", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, 
{ "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042004" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-04-17 20:29
Modified
2024-11-21 04:11
Severity ?
Summary
An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securitytracker.com/id/1040681 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:1192 | Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=132063 | Vendor Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4172 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1040681 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:1192 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=132063 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4172 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server | 7.3 | |
redhat | enterprise_linux_server | 7.4 | |
redhat | enterprise_linux_server | 7.5 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "3118FEF0-4ECD-4C0F-B441-76C8D92084BD", "versionEndIncluding": "5.26", "versionStartIncluding": "5.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB520389-84EE-477C-A9C8-74721592A320", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "24D3235A-DB42-4868-90D9-712C3B3693AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure." }, { "lang": "es", "value": "Se ha descubierto un problema en Perl, de la versi\u00f3n 5.22 a la 5.26. Si se hace que coincida una expresi\u00f3n regular dependiente de una locale manipulada, se puede provocar una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) y una potencial divulgaci\u00f3n de informaci\u00f3n." 
} ], "id": "CVE-2018-6798", "lastModified": "2024-11-21T04:11:13.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T20:29:00.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2016-6185)
Published
2016-08-02 14:59
Modified
2025-04-12 10:46
Severity: 7.8 HIGH (CVSS 3.1 base score, NVD primary, from the record below; CVSS 2.0: 4.6 MEDIUM)
Summary
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
References
Source | URL | Tags | |
---|---|---|---|
security@debian.org | http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 | Issue Tracking, Vendor Advisory | |
security@debian.org | http://www.debian.org/security/2016/dsa-3628 | Third Party Advisory | |
security@debian.org | http://www.openwall.com/lists/oss-security/2016/07/07/1 | Mailing List, Third Party Advisory | |
security@debian.org | http://www.openwall.com/lists/oss-security/2016/07/08/5 | Mailing List, Third Party Advisory | |
security@debian.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
security@debian.org | http://www.securityfocus.com/bid/91685 | Third Party Advisory, VDB Entry | |
security@debian.org | http://www.securitytracker.com/id/1036260 | Third Party Advisory, VDB Entry | |
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/ | ||
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/ | ||
security@debian.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/ | ||
security@debian.org | https://rt.cpan.org/Public/Bug/Display.html?id=115808 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
security@debian.org | https://security.gentoo.org/glsa/201701-75 | Third Party Advisory | |
security@debian.org | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
security@debian.org | https://usn.ubuntu.com/3625-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7 | Issue Tracking, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3628 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/07/07/1 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/07/08/5 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/91685 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1036260 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rt.cpan.org/Public/Bug/Display.html?id=115808 | Exploit, Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-75 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-2/ | Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | * | |
fedoraproject | fedora | 22 | |
fedoraproject | fedora | 23 | |
fedoraproject | fedora | 24 | |
debian | debian_linux | 8.0 | |
oracle | solaris | 10 | |
oracle | solaris | 11.3 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "53A440FA-0362-4663-9934-BE37A2008CCC", "versionEndExcluding": "5.24.1", "versionStartIncluding": "5.23.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BF80D08-9B2A-4C22-B692-32A78571266A", "versionEndExcluding": "5.25.3", "versionStartIncluding": "5.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", 
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." }, { "lang": "es", "value": "El m\u00e9todo XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podr\u00eda permitir a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de una librer\u00eda Troyano bajo el directorio de trabajo actual." } ], "id": "CVE-2016-6185", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2016-08-02T14:59:02.943", "references": [ { "source": "security@debian.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91685" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036260" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "source": "security@debian.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "security@debian.org", "tags": [ "Third Party 
Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", 
"Third Party Advisory" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-2/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-18312)
Published
2018-12-05 22:29
Modified
2024-11-21 03:55
Severity: 9.8 CRITICAL (CVSS 3.0 base score, NVD primary, from the record below; CVSS 2.0: 7.5 HIGH)
Summary
Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/106179 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1646734 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
cve@mitre.org | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
cve@mitre.org | https://metacpan.org/changes/release/SHAY/perl-5.28.1 | Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=133423 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190221-0003/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106179 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1646734 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/changes/release/SHAY/perl-5.28.1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=133423 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190221-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 | |
netapp | e-series_santricity_os_controller | * | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdrive | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "054E1C6A-1EC3-4877-839C-1C28FCEC501A", "versionEndExcluding": "5.28.1", "versionStartIncluding": "5.28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura." 
} ], "id": "CVE-2018-18312", "lastModified": "2024-11-21T03:55:40.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-05T22:29:00.303", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106179" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2015-08-16 23:59
Modified
2025-04-12 10:46
Severity ?
Summary
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | Vendor Advisory | |
secalert@redhat.com | http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/75704 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-2916-1 | ||
secalert@redhat.com | https://security.gentoo.org/glsa/201507-11 | ||
secalert@redhat.com | https://support.apple.com/kb/HT205031 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/75704 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2916-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201507-11 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT205031 | Vendor Advisory |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression." }, { "lang": "es", "value": "Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena larga de d\u00edgitos asociados con una referencia inversa no v\u00e1lida dentro de una expresi\u00f3n regular." 
} ], "id": "CVE-2013-7422", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-16T23:59:00.097", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75704" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201507-11" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/kb/HT205031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201507-11" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/kb/HT205031" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-06-07 13:29
Modified
2024-11-21 03:44
Severity ?
Summary
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Mar/49 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/104423 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1041048 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2097 | ||
cve@mitre.org | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 | Exploit, Mailing List, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Mar/42 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20180927-0001/ | Patch, Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT209600 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3684-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3684-2/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4226 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Mar/49 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/104423 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041048 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2097 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 | Exploit, Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Mar/42 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180927-0001/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT209600 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3684-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3684-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4226 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
archive::tar_project | archive::tar | * | |
apple | mac_os_x | * | |
netapp | data_ontap_edge | - | |
netapp | oncommand_workflow_automation | - | |
netapp | snap_creator_framework | - | |
netapp | snapdrive | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA33F373-89C1-4FAD-9B80-7B2BD4388162", "versionEndIncluding": "5.26.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*", "matchCriteriaId": "52784FCD-EC91-4EF7-998B-E28F95B99B7D", "versionEndIncluding": "2.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { 
"cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name." }, { "lang": "es", "value": "En Perl hasta la versi\u00f3n 5.26.2, el m\u00f3dulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protecci\u00f3n de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre." 
} ], "id": "CVE-2018-12015", "lastModified": "2024-11-21T03:44:24.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-07T13:29:00.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104423" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041048" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3684-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "https://usn.ubuntu.com/3684-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-01-04 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224 | ||
cve@mitre.org | http://code.activestate.com/lists/perl5-porters/187746/ | ||
cve@mitre.org | http://code.activestate.com/lists/perl5-porters/187763/ | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
cve@mitre.org | http://openwall.com/lists/oss-security/2012/12/11/4 | ||
cve@mitre.org | http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod | ||
cve@mitre.org | http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 | Patch | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-0685.html | ||
cve@mitre.org | http://sourceforge.net/mailarchive/message.php?msg_id=30219695 | ||
cve@mitre.org | http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/56950 | ||
cve@mitre.org | http://www.ubuntu.com/usn/USN-2099-1 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=884354 | ||
cve@mitre.org | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.activestate.com/lists/perl5-porters/187746/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://code.activestate.com/lists/perl5-porters/187763/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2012/12/11/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0685.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://sourceforge.net/mailarchive/message.php?msg_id=30219695 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56950 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2099-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=884354 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.3 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FA2D667-D3E6-4BC2-8477-3C938C9C0CA7", "versionEndIncluding": "5.16.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6." 
}, { "lang": "es", "value": "La funci\u00f3n _compile en Maketext.pm en la implementaci\u00f3n de Locale::Maketext en Perl anteriores a v5.17.7 no gestionan de forma adecuada los slash cruzados (\\) y lo nombres de m\u00e9todos cualificados durante la compilaci\u00f3n o notaci\u00f3n de comillas, lo que permite a atacantes dependiendo del contexto a ejecutar comandos a trav\u00e9s de entradas manipulados sobre una aplicaci\u00f3n que acepta la traslaci\u00f3n de cadenas desde usuarios, como se demostr\u00f3 por la aplicaci\u00f3n TWiki anteriores a v5.1.3, y la aplicaci\u00f3n Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6." } ], "id": "CVE-2012-6329", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-04T21:55:01.710", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" }, { "source": "cve@mitre.org", "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "source": "cve@mitre.org", "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "source": "cve@mitre.org", "url": 
"http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56950" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-12-01 17:30
Modified
2025-04-09 00:30
Summary
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 | Exploit | |
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
cve@mitre.org | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
cve@mitre.org | http://secunia.com/advisories/32980 | ||
cve@mitre.org | http://secunia.com/advisories/33314 | ||
cve@mitre.org | http://secunia.com/advisories/40052 | ||
cve@mitre.org | http://support.apple.com/kb/HT4077 | ||
cve@mitre.org | http://wiki.rpath.com/Advisories:rPSA-2009-0011 | ||
cve@mitre.org | http://www.debian.org/security/2008/dsa-1678 | ||
cve@mitre.org | http://www.gossamer-threads.com/lists/perl/porters/233695#233695 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2008/11/28/2 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2010-0458.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/500210/100/0/threaded | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-700-1 | ||
cve@mitre.org | http://www.ubuntu.com/usn/usn-700-2 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/47044 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/32980 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/33314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40052 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.apple.com/kb/HT4077 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://wiki.rpath.com/Advisories:rPSA-2009-0011 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2008/dsa-1678 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.gossamer-threads.com/lists/perl/porters/233695#233695 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2008/11/28/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0458.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/500210/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-700-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/usn-700-2 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/47044 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*", "matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions." }, { "lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico, una vulnerabilidad diferente a CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: esto es un error de regresi\u00f3n relacionado con CVE-2005-0448. Es diferente a CVE-2008-5302 debido a las versiones afectadas." 
} ], "id": "CVE-2008-5303", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-01T17:30:01.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40052" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4077" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "cve@mitre.org", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.\n", "lastModified": "2010-06-07T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-07 15:59
Modified
2025-04-20 01:37
Summary
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | ||
cve@mitre.org | https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html | Exploit, Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=126755 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html | Exploit, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=126755 | Exploit, Issue Tracking, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "B77AB85D-D07A-4B50-BA07-A8BD256964D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument." }, { "lang": "es", "value": "Las funciones VDir::MapPathA y VDir::MapPathW en Perl 5.22 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un argumento (1) letra de unidad o (2) pInName manipulados." } ], "id": "CVE-2015-8608", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2017-02-07T15:59:00.177", "references": [ { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2018-12-07 21:29
Modified
2024-11-21 03:55
Summary
Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/106145 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1646751 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
cve@mitre.org | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Ticket/Display.html?id=131649 | Exploit, Patch, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190221-0003/ | Patch, Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106145 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1646751 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Ticket/Display.html?id=131649 | Exploit, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190221-0003/ | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
netapp | e-series_santricity_os_controller | * | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdrive | - | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura." 
} ], "id": "CVE-2018-18314", "lastModified": "2024-11-21T03:55:41.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-07T21:29:00.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-05-13 17:05
Modified
2025-04-11 00:51
Summary
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
References
Source | URL | Tags | |
---|---|---|---|
cret@cert.org | http://securityreason.com/securityalert/8248 | ||
cret@cert.org | http://securitytracker.com/id?1025507 | Exploit | |
cret@cert.org | http://www.securityfocus.com/archive/1/517916/100/0/threaded | ||
cret@cert.org | http://www.securityfocus.com/bid/47766 | Exploit | |
cret@cert.org | http://www.toucan-system.com/advisories/tssa-2011-03.txt | Exploit | |
cret@cert.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/67355 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securityreason.com/securityalert/8248 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1025507 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/517916/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47766 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.toucan-system.com/advisories/tssa-2011-03.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/67355 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call." }, { "lang": "es", "value": "Perl v5.10.x permite a atacantes dependientes de contexto provocar una denegaci\u00f3n del servicio (desreferencia a un puntero NULL y bloqueo de la aplicaci\u00f3n) elevando una habilidad para inyectar argumentos en una llamada a la funci\u00f3n (1) \"getpeername\", (2) \"readdir\", (3) \"closedir\", (4) \"getsockname\", (5) \"rewinddir\", (6) \"tell\", o (7) \"telldir\"." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2011-0761", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-13T17:05:41.847", "references": [ { "source": "cret@cert.org", "url": "http://securityreason.com/securityalert/8248" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025507" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47766" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" 
], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-2939, as named in the perldelta reference below)
Published
2012-01-13 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod | ||
secalert@redhat.com | http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 | Exploit, Patch | |
secalert@redhat.com | http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29 | ||
secalert@redhat.com | http://secunia.com/advisories/46172 | ||
secalert@redhat.com | http://secunia.com/advisories/46989 | ||
secalert@redhat.com | http://secunia.com/advisories/51457 | ||
secalert@redhat.com | http://secunia.com/advisories/55314 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/18/8 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/08/19/17 | Patch | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2011-1424.html | ||
secalert@redhat.com | http://www.securityfocus.com/bid/49858 | ||
secalert@redhat.com | http://www.ubuntu.com/usn/USN-1643-1 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=731246 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46172 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46989 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51457 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:008 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/18/8 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/08/19/17 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2011-1424.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49858 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1643-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=731246 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dan_kogai | encode_module | * (up to and including 2.43) | |
dan_kogai | encode_module | 0.93 | |
dan_kogai | encode_module | 0.94 | |
dan_kogai | encode_module | 0.95 | |
dan_kogai | encode_module | 0.96 | |
dan_kogai | encode_module | 0.97 | |
dan_kogai | encode_module | 0.98 | |
dan_kogai | encode_module | 0.99 | |
dan_kogai | encode_module | 1.00 | |
dan_kogai | encode_module | 1.01 | |
dan_kogai | encode_module | 1.10 | |
dan_kogai | encode_module | 1.11 | |
dan_kogai | encode_module | 1.20 | |
dan_kogai | encode_module | 1.21 | |
dan_kogai | encode_module | 1.25 | |
dan_kogai | encode_module | 1.26 | |
dan_kogai | encode_module | 1.28 | |
dan_kogai | encode_module | 1.30 | |
dan_kogai | encode_module | 1.31 | |
dan_kogai | encode_module | 1.32 | |
dan_kogai | encode_module | 1.33 | |
dan_kogai | encode_module | 1.34 | |
dan_kogai | encode_module | 1.40 | |
dan_kogai | encode_module | 1.41 | |
dan_kogai | encode_module | 1.42 | |
dan_kogai | encode_module | 1.50 | |
dan_kogai | encode_module | 1.51 | |
dan_kogai | encode_module | 1.52 | |
dan_kogai | encode_module | 1.53 | |
dan_kogai | encode_module | 1.54 | |
dan_kogai | encode_module | 1.55 | |
dan_kogai | encode_module | 1.56 | |
dan_kogai | encode_module | 1.57 | |
dan_kogai | encode_module | 1.58 | |
dan_kogai | encode_module | 1.59 | |
dan_kogai | encode_module | 1.60 | |
dan_kogai | encode_module | 1.61 | |
dan_kogai | encode_module | 1.62 | |
dan_kogai | encode_module | 1.63 | |
dan_kogai | encode_module | 1.64 | |
dan_kogai | encode_module | 1.65 | |
dan_kogai | encode_module | 1.66 | |
dan_kogai | encode_module | 1.67 | |
dan_kogai | encode_module | 1.68 | |
dan_kogai | encode_module | 1.69 | |
dan_kogai | encode_module | 1.70 | |
dan_kogai | encode_module | 1.71 | |
dan_kogai | encode_module | 1.72 | |
dan_kogai | encode_module | 1.73 | |
dan_kogai | encode_module | 1.74 | |
dan_kogai | encode_module | 1.75 | |
dan_kogai | encode_module | 1.76 | |
dan_kogai | encode_module | 1.77 | |
dan_kogai | encode_module | 1.78 | |
dan_kogai | encode_module | 1.79 | |
dan_kogai | encode_module | 1.80 | |
dan_kogai | encode_module | 1.81 | |
dan_kogai | encode_module | 1.82 | |
dan_kogai | encode_module | 1.83 | |
dan_kogai | encode_module | 1.84 | |
dan_kogai | encode_module | 1.85 | |
dan_kogai | encode_module | 1.86 | |
dan_kogai | encode_module | 1.87 | |
dan_kogai | encode_module | 1.88 | |
dan_kogai | encode_module | 1.89 | |
dan_kogai | encode_module | 1.90 | |
dan_kogai | encode_module | 1.91 | |
dan_kogai | encode_module | 1.92 | |
dan_kogai | encode_module | 1.93 | |
dan_kogai | encode_module | 1.94 | |
dan_kogai | encode_module | 1.95 | |
dan_kogai | encode_module | 1.96 | |
dan_kogai | encode_module | 1.97 | |
dan_kogai | encode_module | 1.98 | |
dan_kogai | encode_module | 1.99 | |
dan_kogai | encode_module | 2.0 | |
dan_kogai | encode_module | 2.01 | |
dan_kogai | encode_module | 2.02 | |
dan_kogai | encode_module | 2.03 | |
dan_kogai | encode_module | 2.04 | |
dan_kogai | encode_module | 2.05 | |
dan_kogai | encode_module | 2.06 | |
dan_kogai | encode_module | 2.07 | |
dan_kogai | encode_module | 2.08 | |
dan_kogai | encode_module | 2.09 | |
dan_kogai | encode_module | 2.10 | |
dan_kogai | encode_module | 2.11 | |
dan_kogai | encode_module | 2.12 | |
dan_kogai | encode_module | 2.13 | |
dan_kogai | encode_module | 2.14 | |
dan_kogai | encode_module | 2.15 | |
dan_kogai | encode_module | 2.16 | |
dan_kogai | encode_module | 2.17 | |
dan_kogai | encode_module | 2.18 | |
dan_kogai | encode_module | 2.19 | |
dan_kogai | encode_module | 2.20 | |
dan_kogai | encode_module | 2.21 | |
dan_kogai | encode_module | 2.22 | |
dan_kogai | encode_module | 2.23 | |
dan_kogai | encode_module | 2.24 | |
dan_kogai | encode_module | 2.25 | |
dan_kogai | encode_module | 2.26 | |
dan_kogai | encode_module | 2.27 | |
dan_kogai | encode_module | 2.28 | |
dan_kogai | encode_module | 2.29 | |
dan_kogai | encode_module | 2.30 | |
dan_kogai | encode_module | 2.31 | |
dan_kogai | encode_module | 2.32 | |
dan_kogai | encode_module | 2.33 | |
dan_kogai | encode_module | 2.34 | |
dan_kogai | encode_module | 2.35 | |
dan_kogai | encode_module | 2.36 | |
dan_kogai | encode_module | 2.37 | |
dan_kogai | encode_module | 2.38 | |
dan_kogai | encode_module | 2.39 | |
dan_kogai | encode_module | 2.40 | |
dan_kogai | encode_module | 2.41 | |
dan_kogai | encode_module | 2.42 | |
perl | perl | * (up to and including 5.14.2) | |
perl | perl | 5.8.1 | |
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.10 | |
perl | perl | 5.9.2 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 (rc1) | |
perl | perl | 5.10.0 (rc2) | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 (rc1) | |
perl | perl | 5.10.1 (rc2) | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 (rc0) | |
perl | perl | 5.12.0 (rc1) | |
perl | perl | 5.12.0 (rc2) | |
perl | perl | 5.12.0 (rc3) | |
perl | perl | 5.12.0 (rc4) | |
perl | perl | 5.12.0 (rc5) | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 (rc1) | |
perl | perl | 5.12.1 (rc2) | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 (rc1) | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 (rc1) | |
perl | perl | 5.12.3 (rc2) | |
perl | perl | 5.12.3 (rc3) | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dan_kogai:encode_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "23343380-F5F0-4DB9-B36D-9BD9A856DCDD", "versionEndIncluding": "2.43", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "DB0FAA45-165C-49B6-8FA3-45014E968CEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "8EEAA1BA-E531-4119-8723-D46420636D79", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "B14AD913-D028-4D04-A55E-4FD7DB11F76E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "3B36219E-A5FC-41ED-80AC-007E43E95B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "C5D3B13C-7333-4FFE-9C20-645560B76F26", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B3D4DA4E-8B1B-49C6-A2C0-1FC800633282", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6337FDFD-262E-40D0-80D4-B8D3C9070718", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "D27B48BF-A9AE-4AA5-897D-5D0F4705F361", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "5E90A39E-23A7-4387-B17C-3EFAC440B9FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0F228758-CA6D-4228-ACCF-D2483535E9E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9761D4BA-4307-4EF7-9BB9-F5576806FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.20:*:*:*:*:*:*:*", "matchCriteriaId": 
"6DC64031-55DA-4B54-ABCD-EBD80A1A0040", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "FB2EDB2F-775B-4CBD-9F14-7DC9E6FE1289", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "7015226C-63CC-4F17-ADA4-7F7DD6DF47EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "EF91D347-7305-4FBA-8334-A34BF6E1EBFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "97EE437D-ADCD-4AD4-846A-0C5B8D2664F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "905DAED7-33EE-4EEF-99A3-81BA9F3E3124", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "BC222DEE-AE58-411B-8EAC-57234FF70BBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "49931341-5E98-4295-A6A7-0BC1B6F9ADE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.33:*:*:*:*:*:*:*", "matchCriteriaId": "F3095E4F-6BA2-4F87-BABC-4D6340294575", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "FCFDA3D7-0E68-4319-8DBA-467C32C4128E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "E52CBCA7-F8CC-461A-936F-AB2498D88FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "1EE81428-9030-417D-A557-A2B6F7061372", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "7E60DB35-48DD-4660-8BB5-A307193688DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.50:*:*:*:*:*:*:*", "matchCriteriaId": 
"B5D2BEEC-F6A0-411E-A524-7BF0A6CF26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "EBC200E4-4EA8-4891-9540-3D6D7B62D497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.52:*:*:*:*:*:*:*", "matchCriteriaId": "9E90392A-ED00-48C4-B091-A5A5438A2D2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.53:*:*:*:*:*:*:*", "matchCriteriaId": "BBF8384C-283F-4B18-9E39-579397F3E418", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.54:*:*:*:*:*:*:*", "matchCriteriaId": "0185F681-2BA2-4DCF-B737-5A5065D32D76", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "C0A8712D-8C6A-498A-8F35-79CD0642137F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.56:*:*:*:*:*:*:*", "matchCriteriaId": "6EA599B4-E7F0-421C-BF64-F74E827D27C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.57:*:*:*:*:*:*:*", "matchCriteriaId": "5BA4200C-0355-429A-82F8-4BC90091D9C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.58:*:*:*:*:*:*:*", "matchCriteriaId": "BB647828-E946-4627-98F5-01218FAE65D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.59:*:*:*:*:*:*:*", "matchCriteriaId": "9B540908-5419-4F32-B252-E62A67403452", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.60:*:*:*:*:*:*:*", "matchCriteriaId": "50836D06-5FC5-4E71-AFA7-2487A5E841F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.61:*:*:*:*:*:*:*", "matchCriteriaId": "DD5F10EC-70A9-4D5D-97D6-66D2A3F2BA5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.62:*:*:*:*:*:*:*", "matchCriteriaId": "E03B165C-421F-4B94-8B02-D2582FF780F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.63:*:*:*:*:*:*:*", "matchCriteriaId": 
"59F862D3-A61D-4CA1-8FAF-4A6368C515C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.64:*:*:*:*:*:*:*", "matchCriteriaId": "4D88707B-2345-42F2-B906-EED96926E14E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.65:*:*:*:*:*:*:*", "matchCriteriaId": "F5449D0E-E7AB-4DE0-A657-2285046F84BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.66:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFF477-F35D-4AE0-BCD3-E50C66502E71", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.67:*:*:*:*:*:*:*", "matchCriteriaId": "31D8A6EB-1A14-456C-BDB3-47EA202980D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.68:*:*:*:*:*:*:*", "matchCriteriaId": "22EB2CE5-88D7-41B2-948C-B7A4D37DEDA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "27E8C6E6-DDD2-483B-8CA9-5FA10E10B08A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.70:*:*:*:*:*:*:*", "matchCriteriaId": "95D6FD71-53C6-4AAF-9F97-D42E80C6F69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.71:*:*:*:*:*:*:*", "matchCriteriaId": "431FF64D-03C1-4E66-B5C0-DD373778B08D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.72:*:*:*:*:*:*:*", "matchCriteriaId": "59B57F16-18AF-40F1-BFCB-FC3E7200FD25", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.73:*:*:*:*:*:*:*", "matchCriteriaId": "37CF6920-9E2E-4A4C-A271-47CD1075EB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.74:*:*:*:*:*:*:*", "matchCriteriaId": "47618894-4544-4F22-8005-2C2F58793AA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.75:*:*:*:*:*:*:*", "matchCriteriaId": "5C73DA11-31A0-416F-9853-59C82F72D822", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.76:*:*:*:*:*:*:*", "matchCriteriaId": 
"4C04B436-B71D-467D-95A9-254C59E5FAC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.77:*:*:*:*:*:*:*", "matchCriteriaId": "FDC5667E-D4AA-4645-BCC7-C148F60EEF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.78:*:*:*:*:*:*:*", "matchCriteriaId": "CA110759-1728-4BCD-93CA-052037CF1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.79:*:*:*:*:*:*:*", "matchCriteriaId": "25438F7D-A683-47D5-AB8C-16B1FC266383", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.80:*:*:*:*:*:*:*", "matchCriteriaId": "962B545B-A962-4143-A24A-7FC066B390E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.81:*:*:*:*:*:*:*", "matchCriteriaId": "238741B3-A4A5-4A19-9573-74D5DF7FF40B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.82:*:*:*:*:*:*:*", "matchCriteriaId": "7016CC69-8034-413A-BD79-14047B0C3847", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.83:*:*:*:*:*:*:*", "matchCriteriaId": "108CCE2F-50A0-406B-B082-536556EC5D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.84:*:*:*:*:*:*:*", "matchCriteriaId": "FB3A78B9-B1BC-4EFA-BA05-4D671F4C308A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.85:*:*:*:*:*:*:*", "matchCriteriaId": "7143F1DC-20A2-42E1-9132-B5C3097BC41B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.86:*:*:*:*:*:*:*", "matchCriteriaId": "3F558DE5-F39C-47E0-A369-CC515DCB2678", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.87:*:*:*:*:*:*:*", "matchCriteriaId": "C9D58BC3-9DFA-4EE4-86C0-49068246C04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.88:*:*:*:*:*:*:*", "matchCriteriaId": "F3515296-AC71-4EC8-A59B-209078314757", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.89:*:*:*:*:*:*:*", "matchCriteriaId": 
"49927F8D-D387-4742-B0CA-F9101497DAAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.90:*:*:*:*:*:*:*", "matchCriteriaId": "C6AF0CAA-C03A-449A-8E75-F12E8721A964", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.91:*:*:*:*:*:*:*", "matchCriteriaId": "5E144DD8-EB87-4D42-AE6E-1CEDE2614332", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.92:*:*:*:*:*:*:*", "matchCriteriaId": "EF5B388A-D7D1-4371-9A08-E792EC918C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.93:*:*:*:*:*:*:*", "matchCriteriaId": "C81AD6D9-80A3-4218-B3FD-8B3ED48F44E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.94:*:*:*:*:*:*:*", "matchCriteriaId": "983E0EE0-DA5C-447D-B6E2-2D165C74C0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.95:*:*:*:*:*:*:*", "matchCriteriaId": "E7F86D10-83C4-488C-9380-D4A7C056879E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.96:*:*:*:*:*:*:*", "matchCriteriaId": "BADA05F7-DA93-40F3-A281-890002D8BA4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.97:*:*:*:*:*:*:*", "matchCriteriaId": "CD150F64-462B-420C-BC88-B8BF30C2B296", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.98:*:*:*:*:*:*:*", "matchCriteriaId": "133C7F0C-E3C2-4733-8004-05714DC643B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.99:*:*:*:*:*:*:*", "matchCriteriaId": "963C689B-72F8-4310-BDAD-1860560EB726", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE081501-0933-4C1D-88F2-182134E03EB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "B2405CC1-9009-4E00-88D5-4CC24F5BFBDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.02:*:*:*:*:*:*:*", "matchCriteriaId": 
"39B2262D-01E7-4748-A567-5BF66EF90526", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "04866020-8327-4F5F-907E-ED404A5B91C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "15F5F4A0-3B46-4E05-AE11-3953E1A83332", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.05:*:*:*:*:*:*:*", "matchCriteriaId": "8B40204C-F16F-4108-A065-C7F1FE5FE598", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.06:*:*:*:*:*:*:*", "matchCriteriaId": "499AFE0E-6B9C-44CE-BDC1-9445A5F46D96", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "4B23AD9C-F4FB-40EB-829D-4DD8869EB9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "D2956E57-2FC9-4B01-83CD-B793136D4658", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "A6BFB614-13DC-48AD-A9B2-18785AD91FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "AB086C28-A86B-4DA2-A03C-45729469B441", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "93659981-81CD-408C-A4BC-0E7EB9F6F056", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "A5AE4F9D-8302-469A-B564-B050581EEA1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "AD1D845C-B499-42FD-A5F1-E39A215A56FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "98567153-1D89-44E1-9C19-B7EC9AB1A31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"9F16E666-8B84-4A7B-A71E-92AF341CC9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B009EBDA-D9C8-4B8A-99D1-EA51A2BE91C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "88AE4748-F054-4D9C-BCD4-89160237AB10", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "A7030EEC-7426-44E1-900C-A4B381EFF4A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "0AC0EBF0-6804-424A-A131-23965F4874A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "AEDA775A-9AD8-4B1F-B6B6-F7B89AF3945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1861342-EB74-44CD-BB51-78F2233E0F51", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "22BB1E7B-AFEF-4BD6-9B5A-267326963595", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "F47C0CF2-2D3A-4309-82A5-87E733271B24", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.24:*:*:*:*:*:*:*", "matchCriteriaId": "8B4A90A7-6D67-4373-B220-7B9BFFFBA1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.25:*:*:*:*:*:*:*", "matchCriteriaId": "E1FCB23B-5B66-421B-8B10-DD05DAA344A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.26:*:*:*:*:*:*:*", "matchCriteriaId": "95B47D61-F2AE-4A68-BF96-5E176D21EF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.27:*:*:*:*:*:*:*", "matchCriteriaId": "E1C8332F-1E58-44D0-B076-AC4340303EF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.28:*:*:*:*:*:*:*", "matchCriteriaId": 
"B057F456-189A-49F1-952D-0EFBC16D5A79", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.29:*:*:*:*:*:*:*", "matchCriteriaId": "FAC64DAE-208E-4FFD-BD03-43917CE4CC7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "A48E88B4-0663-4C8E-A48B-FDA4087E24E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "81E890C2-2657-4BD6-B3AD-F9023D4AF08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "E95C665C-B2E4-4129-A107-E6897969CF2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.33:*:*:*:*:*:*:*", "matchCriteriaId": "2244E758-9D3F-4D0F-A2CA-023E62B49F4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.34:*:*:*:*:*:*:*", "matchCriteriaId": "7C199B35-4F8F-4AA6-864E-81B2F0BF4DD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.35:*:*:*:*:*:*:*", "matchCriteriaId": "1C5B8993-43F4-45D2-B7E9-AA6722EF555F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.36:*:*:*:*:*:*:*", "matchCriteriaId": "B477187B-559C-4011-BF92-3A7F2AF8B301", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.37:*:*:*:*:*:*:*", "matchCriteriaId": "7D8C5D47-DC01-4202-B9FF-32024E329848", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.38:*:*:*:*:*:*:*", "matchCriteriaId": "8AF82AC9-AE7B-4B65-A170-D085267E0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.39:*:*:*:*:*:*:*", "matchCriteriaId": "428762B2-E0BE-4804-BF28-F1292AC87FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "5F5682F2-5E0B-4D9E-BF7F-04D8C5EE12F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.41:*:*:*:*:*:*:*", "matchCriteriaId": 
"C5B2D4B6-BE40-45E3-9AE9-568E1DD3D1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "F148F0BF-49F1-4E5E-B92F-FEB83C1B0157", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE55A238-C38C-4C74-B2D4-D4A5EBBA32B2", "versionEndIncluding": "5.14.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B358BF3-55AC-477E-A4B5-3960C449C011", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow." }, { "lang": "es", "value": "Error \"Off-by-one\" en la funci\u00f3n decode_xs en Unicode/Unicode.xs en el m\u00f3dulo Encode anterior a v2.44, utilizado en Perl anterior a v5.15.6 , podr\u00eda permitir a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de un cadena de Unicode especialmente creada, provocando un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)." 
} ], "id": "CVE-2011-2939", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-01-13T18:55:02.987", "references": [ { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "source": "secalert@redhat.com", "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46172" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46989" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51457" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55314" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "source": "secalert@redhat.com", "url": 
"http://www.securityfocus.com/bid/49858" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" } 
], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-10-05 16:59
Modified
2025-04-12 10:46
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message.
References
Source | URL | Tags | |
---|---|---|---|
security@debian.org | http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html | Third Party Advisory, Vendor Advisory | |
security@debian.org | http://www.debian.org/security/2016/dsa-3684 | Third Party Advisory | |
security@debian.org | http://www.securityfocus.com/bid/93337 | Third Party Advisory, VDB Entry | |
security@debian.org | https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 | Issue Tracking, Patch | |
security@debian.org | https://security.gentoo.org/glsa/201701-51 | Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html | Third Party Advisory, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2016/dsa-3684 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/93337 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 | Issue Tracking, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-51 | Patch, Third Party Advisory, VDB Entry |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | * (up to and including 4.036) | |
perl | perl | * (platform only; marked not vulnerable in the CPE configuration) | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0475EE55-6499-48C9-9B0C-0E0A37C0E677", "versionEndIncluding": "4.036", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el m\u00f3dulo DBD::mysql en versiones anteriores a 4.037 para Perl permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con un mensaje de error." 
} ], "id": "CVE-2016-1246", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-05T16:59:00.243", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93337" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201701-51" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-09-28 01:29
Modified
2025-04-20 01:37
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.securityfocus.com/bid/101051 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=131665 | Exploit, Patch, Vendor Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20180426-0001/ | ||
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101051 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=131665 | Exploit, Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180426-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el m\u00e9todo CPerlHost::Add en win32/perlhost.h en Perl en versiones anteriores a la 5.24.3-RC1 y las versiones 5.26.x anteriores a 5.26.1-RC1 en Windows permite que los atacantes ejecuten c\u00f3digo arbitrario mediante una variable de entorno larga." 
} ], "id": "CVE-2017-12814", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-28T01:29:01.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101051" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-29 00:15
Modified
2025-01-30 20:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
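HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates. Code that relies on the defaults therefore makes HTTPS requests without validating the server certificate (CWE-295) unless it explicitly enables verification via the `verify_SSL` option.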
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List, Patch | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List, Patch | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/chansen/p5-http-tiny/pull/153 | Patch | |
cve@mitre.org | https://hackeriet.github.io/cpan-http-tiny-overview/ | Product | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List, Patch | |
cve@mitre.org | https://www.openwall.com/lists/oss-security/2023/05/03/4 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/ | Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/chansen/p5-http-tiny/pull/153 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://hackeriet.github.io/cpan-http-tiny-overview/ | Product | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20241129-0011/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2023/05/03/4 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/ | Issue Tracking |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:http\\:\\:tiny_project:http\\:\\:tiny:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9427A16-49FA-4E66-9641-A9CC9CA57222", "versionEndExcluding": "0.083", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "00980675-EC82-443D-AFFE-B83E5239DAB9", "versionEndExcluding": "5.38.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates." } ], "id": "CVE-2023-31486", "lastModified": "2025-01-30T20:15:32.297", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-04-29T00:15:09.083", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": 
"http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/chansen/p5-http-tiny/pull/153" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/chansen/p5-http-tiny/pull/153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20241129-0011/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2010-04-20 15:30
Modified
2025-04-11 00:51
Severity ?
5.0 (Medium) - CVSS 2.0: AV:N/AC:L/Au:N/C:N/I:N/A:P
Summary
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.gentoo.org/show_bug.cgi?id=313565 | Exploit | |
secalert@redhat.com | http://perldoc.perl.org/perl5100delta.html | ||
secalert@redhat.com | http://secunia.com/advisories/55314 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2010/04/08/9 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2010/04/14/3 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=580605 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.gentoo.org/show_bug.cgi?id=313565 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://perldoc.perl.org/perl5100delta.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2010/04/08/9 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2010/04/14/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=580605 |
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string." }, { "lang": "es", "value": "Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda de la aplicaci\u00f3n) cotejando una expresi\u00f3n regular modificada contra una cadena de texto extensa." 
} ], "id": "CVE-2010-1158", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-20T15:30:00.427", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "source": "secalert@redhat.com", "url": "http://perldoc.perl.org/perl5100delta.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55314" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perldoc.perl.org/perl5100delta.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" } ], 
"sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2010-04-22T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2025-04-13 14:15
Modified
2025-04-30 15:21
Severity ?
Summary
A heap buffer overflow vulnerability was discovered in Perl.
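Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. The affected-version ranges listed for this entry stop short of 5.38.4 and 5.40.2, the two releases whose change notes are linked under References; no separate fixed release is listed for the 5.34 or 5.36 branches.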
When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.
$ perl -e '$_ = "\x{FF}" x 1000000; tr/\xFF/\x{100}/;'
Segmentation fault (core dumped)
It is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses.
References
▶ | URL | Tags | |
---|---|---|---|
9b29abf9-4ab0-4765-b253-1875cd9b441e | https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch | Patch | |
9b29abf9-4ab0-4765-b253-1875cd9b441e | https://metacpan.org/release/SHAY/perl-5.38.4/changes | Release Notes | |
9b29abf9-4ab0-4765-b253-1875cd9b441e | https://metacpan.org/release/SHAY/perl-5.40.2/changes | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/04/13/3 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/04/13/4 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2025/04/13/5 | Mailing List |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "F34096A4-1439-4582-8133-8134388418D1", "versionEndExcluding": "5.38.4", "versionStartIncluding": "5.33.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "91EF91EF-222F-42C0-A506-0A57B98F1DA5", "versionEndExcluding": "5.40.2", "versionStartIncluding": "5.39.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "87807B8D-271E-4B95-ADBC-2383FBD07335", "versionEndIncluding": "5.41.10", "versionStartIncluding": "5.41.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A heap buffer overflow vulnerability was discovered in Perl. \n\nRelease branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10.\n\nWhen there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destination pointer `d`.\n\n\u00a0 \u00a0$ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 \n\u00a0 \u00a0Segmentation fault (core dumped)\n\nIt is believed that this vulnerability can enable Denial of Service and possibly Code Execution attacks on platforms that lack sufficient defenses." }, { "lang": "es", "value": "Se descubri\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer de mont\u00f3n en Perl. Las versiones 5.34, 5.36, 5.38 y 5.40 se ven afectadas, incluyendo las versiones de desarrollo de la 5.33.1 a la 5.41.10. Cuando hay bytes no ASCII en el lado izquierdo del operador `tr`, `S_do_trans_invmap` puede desbordar el puntero de destino `d`. $ perl -e \u0027$_ = \"\\x{FF}\" x 1000000; tr/\\xFF/\\x{100}/;\u0027 Fallo de segmentaci\u00f3n (volcado de n\u00facleo). 
Se cree que esta vulnerabilidad puede permitir ataques de denegaci\u00f3n de servicio y, posiblemente, de ejecuci\u00f3n de c\u00f3digo en plataformas que carecen de defensas suficientes." } ], "id": "CVE-2024-56406", "lastModified": "2025-04-30T15:21:11.547", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2025-04-13T14:15:14.527", "references": [ { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Patch" ], "url": "https://github.com/Perl/perl5/commit/87f42aa0e0096e9a346c9672aa3a0bd3bef8c1dd.patch" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Release Notes" ], "url": "https://metacpan.org/release/SHAY/perl-5.38.4/changes" }, { "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": [ "Release Notes" ], "url": "https://metacpan.org/release/SHAY/perl-5.40.2/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2025/04/13/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2025/04/13/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2025/04/13/5" } ], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" }, { "lang": "en", "value": "CWE-787" } ], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", 
"type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-12-18 00:55
Modified
2025-04-11 00:51
Severity ?
Summary
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 5.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
cve@mitre.org | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
cve@mitre.org | http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44 | Patch, Vendor Advisory | |
cve@mitre.org | http://rhn.redhat.com/errata/RHSA-2013-0685.html | ||
cve@mitre.org | http://secunia.com/advisories/51457 | Vendor Advisory | |
cve@mitre.org | http://secunia.com/advisories/55314 | ||
cve@mitre.org | http://www.debian.org/security/2012/dsa-2586 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | ||
cve@mitre.org | http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2012/10/26/2 | ||
cve@mitre.org | http://www.openwall.com/lists/oss-security/2012/10/27/1 | ||
cve@mitre.org | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/56287 | ||
cve@mitre.org | http://www.ubuntu.com/usn/USN-1643-1 | ||
cve@mitre.org | https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2013-0685.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/51457 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/55314 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2586 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/10/26/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/10/27/1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/56287 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-1643-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.4 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator." 
}, { "lang": "es", "value": "Desbordamiento de bufer en memoria din\u00e1mica en la funci\u00f3n Perl_repeatcpy en util.c en Perl v5.12.x antes de v5.12.5, v5.14.x antes de v5.14.3, y v5.15.x antes de v5.15.5 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario mediante el operador \u0027x\u0027 string repeat." } ], "id": "CVE-2012-5195", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-18T00:55:01.587", "references": [ { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51457" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/55314" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2586" }, { 
"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56287" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-02-10 18:15
Modified
2025-04-11 00:51
Severity ?
Summary
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836 | ||
cve@mitre.org | http://forums.ocsinventory-ng.org/viewtopic.php?id=7215 | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
cve@mitre.org | http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=694166 | ||
cve@mitre.org | https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html | ||
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=76538 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://forums.ocsinventory-ng.org/viewtopic.php?id=7215 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=694166 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=76538 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." }, { "lang": "es", "value": "La funci\u00f3n Perl_reg_numbered_buff_fetch en Perl 5.10.0, 5.12.0, 5.14.0 y otras versiones, cuando funciona con debugging activado, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y cierre de la aplicaci\u00f3n) a trav\u00e9s de una entrada manipulada que no es manejada adecuadamente cuando hace uso de ciertas expresiones regulares, como se ha demostrado causando la ca\u00edda de SpamAssassin y OCSInventory." 
} ], "id": "CVE-2010-4777", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-10T18:15:08.967", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "source": "cve@mitre.org", "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "source": "cve@mitre.org", "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "source": "cve@mitre.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-05 15:15
Modified
2024-11-21 05:00
Severity ?
Summary
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 | Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/issues/16947 | Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/issues/17743 | Third Party Advisory | |
cve@mitre.org | https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202006-03 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200611-0001/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/issues/16947 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/issues/17743 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-03 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200611-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
netapp | oncommand_workflow_automation | - | |
netapp | snap_creator_framework | - | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.1 | |
oracle | communications_billing_and_revenue_management | 12.0.0.2.0 | |
oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
oracle | communications_diameter_signaling_router | * | |
oracle | communications_eagle_application_processor | * | |
oracle | communications_eagle_lnp_application_processor | 10.1 | |
oracle | communications_eagle_lnp_application_processor | 10.2 | |
oracle | communications_lsms | * | |
oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
oracle | communications_performance_intelligence_center | * | |
oracle | communications_performance_intelligence_center | * | |
oracle | configuration_manager | 12.1.2.0.8 | |
oracle | enterprise_manager_base_platform | 13.4.0.0 | |
oracle | sd-wan_edge | 8.2 | |
oracle | sd-wan_edge | 9.0 | |
oracle | sd-wan_edge | 9.1 | |
oracle | tekelec_platform_distribution | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744", "versionEndExcluding": "5.30.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512", "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"06816711-7C49-47B9-A9D7-FB18CC3F42F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." }, { "lang": "es", "value": "En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del b\u00fafer por medio de una expresi\u00f3n regular dise\u00f1ada debido a llamadas recursivas de la funci\u00f3n S_study_chunk" } ], "id": "CVE-2020-12723", "lastModified": "2024-11-21T05:00:08.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-05T15:15:10.800", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2008-06-23 19:41
Modified
2025-04-09 00:30
Severity ?
Summary
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319 | Exploit | |
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | ||
cve@mitre.org | http://rt.cpan.org/Public/Bug/Display.html?id=36982 | Exploit | |
cve@mitre.org | http://secunia.com/advisories/30790 | ||
cve@mitre.org | http://secunia.com/advisories/30837 | ||
cve@mitre.org | http://secunia.com/advisories/31687 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2008:165 | ||
cve@mitre.org | http://www.securityfocus.com/bid/29902 | ||
cve@mitre.org | http://www.securitytracker.com/id?1020373 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/43308 | ||
cve@mitre.org | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rt.cpan.org/Public/Bug/Display.html?id=36982 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30790 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/30837 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31687 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:165 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/29902 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1020373 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/43308 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452." }, { "lang": "es", "value": "La funci\u00f3n rmtree en lib/File/Path.pm de Perl 5.10 no comprueba correctamente los permisos antes de realizar chmod, lo que permite a usuarios locales modificar los permisos de archivos de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos, una vulnerabilidad distinta a CVE-2005-0448 y CVE-2004-0452." } ], "id": "CVE-2008-2827", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-06-23T19:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "source": "cve@mitre.org", 
"url": "http://secunia.com/advisories/30790" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30837" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29902" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020373" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1, or Solaris versions of Red Hat Directory Server 7.1 and 8, Certificate System 7.x.", "lastModified": "2008-06-24T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-04-11 18:55
Modified
2025-04-11 00:51
Severity ?
Summary
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html | ||
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html | ||
secalert@redhat.com | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/01/3 | Exploit, Patch | |
secalert@redhat.com | http://openwall.com/lists/oss-security/2011/04/04/35 | Exploit, Patch | |
secalert@redhat.com | http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 | Patch | |
secalert@redhat.com | http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 | Exploit | |
secalert@redhat.com | http://secunia.com/advisories/43921 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/44168 | ||
secalert@redhat.com | http://www.debian.org/security/2011/dsa-2265 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2011:091 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/47124 | Exploit | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=692844 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=692898 | Exploit, Patch | |
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/66528 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/01/3 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://openwall.com/lists/oss-security/2011/04/04/35 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/43921 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/44168 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2011/dsa-2265 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2011:091 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/47124 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=692844 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=692898 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/66528 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The 
(1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string." }, { "lang": "es", "value": "Las funciones (1) lc, (2) lcfirst, (3) uc, y (4) ucfirst en Perl v5.10.x, v5.11.x, y v5.12.x hasta v5.12.3, y v5.13.x hasta v5.13.11, no aplica el atributo taint para devolver el valor sobre el proceso de entrada tainted, lo que puede permitir a atacantes dependientes del contexto evitar el mecanismo de protecci\u00f3n de taint a trav\u00e9s de una cadena manipulada." } ], "id": "CVE-2011-1487", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-11T18:55:03.773", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", 
"Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43921" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44168" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2265" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47124" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-09-09 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536 | ||
secalert@redhat.com | http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes | ||
secalert@redhat.com | http://rhn.redhat.com/errata/RHSA-2012-1116.html | ||
secalert@redhat.com | http://secunia.com/advisories/48307 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/48319 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/48824 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-201204-08.xml | ||
secalert@redhat.com | http://www.debian.org/security/2012/dsa-2431 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2012:112 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/03/09/6 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2012/03/10/4 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=801733 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73854 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/73855 | ||
secalert@redhat.com | https://rt.cpan.org/Public/Bug/Display.html?id=75642 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes | ||
af854a3a-2127-422b-91ae-364da2661108 | http://rhn.redhat.com/errata/RHSA-2012-1116.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48307 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48319 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/48824 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-201204-08.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2012/dsa-2431 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2012:112 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/03/09/6 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2012/03/10/4 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=801733 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73854 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/73855 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rt.cpan.org/Public/Bug/Display.html?id=75642 |
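Impacted products
Note: the rows below come from the record's cpe:2.3:a:perl:perl match criteria. The version numbers appear to be DBD::Pg module releases (the summary says "before 2.19.0"), not Perl interpreter versions, so compare against the installed DBD::Pg version when triaging.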
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | 0.1 | |
perl | perl | 0.2 | |
perl | perl | 0.3 | |
perl | perl | 0.4 | |
perl | perl | 0.5 | |
perl | perl | 0.52 | |
perl | perl | 0.61 | |
perl | perl | 0.62 | |
perl | perl | 0.63 | |
perl | perl | 0.64 | |
perl | perl | 0.65 | |
perl | perl | 0.66 | |
perl | perl | 0.67 | |
perl | perl | 0.68 | |
perl | perl | 0.69 | |
perl | perl | 0.70 | |
perl | perl | 0.71 | |
perl | perl | 0.72 | |
perl | perl | 0.73 | |
perl | perl | 0.80 | |
perl | perl | 0.81 | |
perl | perl | 0.82 | |
perl | perl | 0.83 | |
perl | perl | 0.84 | |
perl | perl | 0.85 | |
perl | perl | 0.86 | |
perl | perl | 0.87 | |
perl | perl | 0.88 | |
perl | perl | 0.89 | |
perl | perl | 0.90 | |
perl | perl | 0.91 | |
perl | perl | 0.92 | |
perl | perl | 0.93 | |
perl | perl | 0.94 | |
perl | perl | 0.95 | |
perl | perl | 0.96 | |
perl | perl | 0.97 | |
perl | perl | 0.98 | |
perl | perl | 0.99 | |
perl | perl | 1.00 | |
perl | perl | 1.01 | |
perl | perl | 1.20 | |
perl | perl | 1.21 | |
perl | perl | 1.22 | |
perl | perl | 1.31 | |
perl | perl | 1.32 | |
perl | perl | 1.40 | |
perl | perl | 1.41 | |
perl | perl | 1.42 | |
perl | perl | 1.43 | |
perl | perl | 1.44 | |
perl | perl | 1.45 | |
perl | perl | 1.46 | |
perl | perl | 1.47 | |
perl | perl | 1.48 | |
perl | perl | 1.49 | |
perl | perl | 2.0.0 | |
perl | perl | 2.1.0 | |
perl | perl | 2.1.1 | |
perl | perl | 2.1.2 | |
perl | perl | 2.1.3 | |
perl | perl | 2.2.0 | |
perl | perl | 2.2.1 | |
perl | perl | 2.2.2 | |
perl | perl | 2.3.0 | |
perl | perl | 2.4.0 | |
perl | perl | 2.5.0 | |
perl | perl | 2.5.1 | |
perl | perl | 2.6.0 | |
perl | perl | 2.6.1 | |
perl | perl | 2.6.2 | |
perl | perl | 2.6.3 | |
perl | perl | 2.6.4 | |
perl | perl | 2.6.5 | |
perl | perl | 2.6.6 | |
perl | perl | 2.7.0 | |
perl | perl | 2.7.1 | |
perl | perl | 2.7.2 | |
perl | perl | 2.8.0 | |
perl | perl | 2.8.1 | |
perl | perl | 2.8.2 | |
perl | perl | 2.8.3 | |
perl | perl | 2.8.4 | |
perl | perl | 2.8.5 | |
perl | perl | 2.8.6 | |
perl | perl | 2.8.7 | |
perl | perl | 2.8.8 | |
perl | perl | 2.9.0 | |
perl | perl | 2.9.1 | |
perl | perl | 2.9.2 | |
perl | perl | 2.10.0 | |
perl | perl | 2.10.1 | |
perl | perl | 2.10.2 | |
perl | perl | 2.10.3 | |
perl | perl | 2.10.4 | |
perl | perl | 2.10.5 | |
perl | perl | 2.10.6 | |
perl | perl | 2.10.7 | |
perl | perl | 2.11.0 | |
perl | perl | 2.11.1 | |
perl | perl | 2.11.2 | |
perl | perl | 2.11.3 | |
perl | perl | 2.11.4 | |
perl | perl | 2.11.5 | |
perl | perl | 2.11.6 | |
perl | perl | 2.11.7 | |
perl | perl | 2.11.8 | |
perl | perl | 2.12.0 | |
perl | perl | 2.13.0 | |
perl | perl | 2.14.0 | |
perl | perl | 2.14.1 | |
perl | perl | 2.15.0 | |
perl | perl | 2.15.1 | |
perl | perl | 2.16.0 | |
perl | perl | 2.16.1 | |
perl | perl | 2.17.0 | |
perl | perl | 2.17.1 | |
perl | perl | 2.17.2 | |
perl | perl | 2.18.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "736230E6-7071-4650-8FB0-DD5624C9172C", "versionEndIncluding": "2.18.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1EF38B8-36B2-4F21-8F41-D0CDE28CDE43", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE4F0BB5-7DB7-4CC6-83C5-D8C84DC2A863", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEC53956-98C5-4355-8670-9BB4A479BCC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FB8269B-270B-455F-94B1-0F1025041EE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3460B9A-89F5-4F3C-80DB-0DE6099D64E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.52:*:*:*:*:*:*:*", "matchCriteriaId": "40C34F0C-B9A4-4AB4-8B34-44A65103DBBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "65434B07-D9FB-4D3A-B63C-48DA7ED603EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "0C634C91-BFD6-480A-ABC9-557066A11E1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.63:*:*:*:*:*:*:*", "matchCriteriaId": "C92F2903-486A-4656-8E43-AF6D9E475A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.64:*:*:*:*:*:*:*", "matchCriteriaId": "47C86A61-CBDF-40A1-AC66-AB452C1C4FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "519DD527-BFE9-4166-A391-127FB8EDFA81", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.66:*:*:*:*:*:*:*", "matchCriteriaId": "66842472-632B-4505-B3E0-32C59AA73AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.67:*:*:*:*:*:*:*", "matchCriteriaId": "34774222-0D33-41F0-A917-09B044A53800", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:0.68:*:*:*:*:*:*:*", "matchCriteriaId": "1E4C35D3-8169-41AA-8719-5E2D32DEF265", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.69:*:*:*:*:*:*:*", "matchCriteriaId": "2880F00C-B64E-4B69-9FFD-FFAF00E0EA31", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "978875E8-61E6-43C8-8E1B-BAA9BFE696E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.71:*:*:*:*:*:*:*", "matchCriteriaId": "45A9FB3A-ABF7-44E5-B3F3-C24E3FC2E440", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.72:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B3B94-DA75-44A8-B13B-004989615B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.73:*:*:*:*:*:*:*", "matchCriteriaId": "E758B292-C06F-4AF7-99B9-2BC49533C25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "49F89A9B-4EAA-41A0-AEB6-16B7A7C13127", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "110AB146-D842-49AE-A6FB-15574D94F556", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "187FE6D6-7785-45C3-9FAF-C55AC370FD7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "F05B9866-08CD-4A32-8B59-4AA3818B2B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "C662A095-27AD-41B1-B92C-3352A68001DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "890F038F-7668-4D67-8787-385145DE7F0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "27C2A9DD-5A7D-489F-B2B2-BA2DD1FE5385", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "98419B2D-7EF8-4F16-A95D-93D4C097F10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.88:*:*:*:*:*:*:*", "matchCriteriaId": 
"F071074B-25A2-4ADA-AA51-DD5E07E44EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.89:*:*:*:*:*:*:*", "matchCriteriaId": "3795B65D-4B65-419E-8ADC-8806BE12E0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "17578EF4-677D-4C0D-AE02-0B59EDF19CE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "93DEF1EF-0286-4603-B9D8-05908189184A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6A170ED4-8B94-4C09-A5D5-B6A9A5D04AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "0990BD24-ED47-44EF-962D-4737DD295D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "E2B0D454-CD0E-4BF1-A516-A4A5E19A447D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "6D12BD17-3FBE-4917-9D44-4135FC857CBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "AF110E96-77E7-4BF9-9309-606E02871360", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "1C44DEA9-D1CC-4D6F-BFB4-F20BA8CBD837", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "00ABCC48-9B7E-4312-8B64-44399409EDE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "CB8D8793-F072-4C7A-84B5-79EB6D0541BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "2DA44592-DC6D-4FB7-AC1D-A300643922C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "5EBE0151-85BA-449C-880F-E23D8C446D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "83F3ED90-9586-41DB-9B83-C6B05C605213", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0DB562AC-B665-4F2B-B004-9E848ACC7C20", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "8305CB5A-A64A-4F11-B912-B2E428513E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "367FF98C-12FF-4CEC-9870-6356FAD3C523", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "191EDFB5-F9AB-4A8B-BFC7-9BB7BCE7AAFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "A253AEB7-A581-4E1F-9410-E056390C0BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "2696ACCA-47FC-4D25-8A08-17F7CD640040", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "50F9F981-903A-48F8-ACD9-48308E639261", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "99E7410D-A498-49FB-818E-309BDBDB7A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "85BE0085-3E86-4A39-8AE4-76ED06D2534B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "2614B8FD-F7A5-4C70-AE1E-2255FCAB1154", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "58387159-A167-4032-9F3F-B517EF2185F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "CB414CE9-5EFA-45F7-BB0B-B8B3893444DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "93FBE9FB-99AC-4800-BB1F-4F0689E0A07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "EFB83944-0183-4DDB-B20E-0C8A7646A07F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"80151ACD-28DC-4383-9B7E-F2B759299341", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C15294D-F2AC-4E81-A612-14A31510449D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF2EE2D3-A942-4CAE-8F14-213BB6CBD62A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05630C5E-263A-4974-81A0-2DC178B9708C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B372AF6-29BB-4DAA-B3DA-3F8AE7BBC5BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17CD4D0-DFE5-4C01-BEEA-891C865E18AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EEB7512-D7E2-4F24-B96F-4FFE9E650262", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "307F457C-4015-4857-ADB8-637BC53DEB54", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B645F9A1-44FB-4504-BF6C-2810EE841025", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E91B29C4-3709-473E-8F69-69D77ECEB221", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB3068F9-9A65-4DC4-88C2-19C8E1807CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADDA896A-8EA8-4924-A648-6001F83F8AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "91611ED9-FFDE-42B2-8E02-5B089A34DB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "638055BA-CB01-404E-B9CD-D9EEB284ACE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "54F33281-2EA9-49EF-A074-E0AE93D4DC72", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EA4A6E5-F1A0-42E8-BB49-E06497DA582B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "085763C4-D71A-47AF-B64C-829E6EC8E6D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9805F52C-B9F4-4531-A478-C3FA03D1EA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "1183DBED-4EF7-4942-9400-D57BC0C63773", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FCE3D75-98D9-4D95-9EB9-F33E37CC047B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "58228B5F-7FA1-42B5-BC4A-A5F6535E2C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7D4C885-1FDB-479C-9626-B006E1C84E0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6574874E-EE2A-43B0-9D4B-9106C46BF8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "62A4C415-6408-4A7E-A1C9-8A327B0DEA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B35E250-F525-4EF5-9DBD-D80D68E5C00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "79388C94-3306-4FD2-880E-56D42830B822", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E181D243-AFF0-41E3-A969-3DC67E81E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D445C68D-BFB8-4BAB-B995-FADF7CA5DF2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D8982A13-3F5E-4B52-932C-00BD7CEA7625", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "B0518BBC-BE6F-4949-A39B-1BE1FFA9442D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F66A1-E3C6-4D89-B3E3-AF46CC98BB00", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8090363F-1850-4095-A212-0A554EA37A3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26FA77D7-CE3B-4ED2-8117-E6CC1BA39B36", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4687A27-D41C-489D-AA95-E6999ABB696D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C03AD0EA-BFB8-480D-9B9C-6D6BD0DABDB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "59BADDB6-D48A-4DC0-A758-902F0EBC51CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D12770F8-8729-4712-9023-64CB2B374BCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A7FD104-1DE9-4A2A-AB2B-CD4AD9E70A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "A33D85D8-AA73-4120-9DB0-85B9E0BC14F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "079B9B47-194A-4047-AFEB-ABAD9CA5E53E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "98034760-4DF2-4D7B-92D8-02EDCF56E618", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "7EB7B211-AFE1-4D1A-B46F-86394981D5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "930C1B45-2ABE-42DD-8D10-B375ED796F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"B5811AB6-ED08-40C9-A0CD-77793A495E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "82185F66-9E19-4C56-8E77-5C153275A542", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E51FAC0-BEF4-4839-B3C0-CCC9ED015582", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "D902DF16-5F3A-485E-9409-BC47A4E46014", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FA7E4-B406-4587-86A7-F560FE64A3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "77C35F36-AD3C-418C-ACED-486FF06EFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "B28DF2CD-1BEC-4F5E-AD30-7F84E58DF223", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "3960D793-C3C8-40FC-83B2-710ED2F5D658", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DDE4919-FA8A-485B-9F0E-BD015B1D4D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC022C7A-35DD-445D-B9D3-6024CF28610E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "88D408D9-B90D-495A-BC09-E322FBE78E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9D00E45-E017-43AB-AAF9-9B4721CD8E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB7238-FD06-4872-A736-9D988A0433E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "676C7999-B586-40E0-83E8-EB09E3F107C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "31B80A50-5766-4ED7-9254-5CDDB74C7C04", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAF88AD1-AECE-4227-AE63-EA3E279238C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ED441D3-6D17-4F8E-AF0E-27D813B2C68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "22CAAB68-FD86-49DB-8DA7-F16FC3F6B878", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DF19BA4-1BF5-4F1E-BE6C-318B581D1EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE9535-B8AB-4DC8-A012-405FDEF88CA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de formato de cadena en dbdimp.c en el m\u00f3dulo DBD::Pg (tambi\u00e9n conocido como DBD-Pg o libdbd-pg-perl) anteriores a c2.19.0 en Perl, permite a servidores remotos de bases de datos a provocar una denegaci\u00f3n de servicio (ca\u00edda de proceso) a trav\u00e9s de unos especificadores de formato de cadena en (1) una advertencia de la base de datos sobre la funci\u00f3n pg_warn o (2) una declaraci\u00f3n DBD manipulada sobre la funci\u00f3n dbd_st_prepare." 
} ], "id": "CVE-2012-1151", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-09T21:55:05.213", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48307" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48319" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48824" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2431" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "source": "secalert@redhat.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "source": "secalert@redhat.com", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2010-06-21 16:30
Modified
2025-04-11 00:51
Severity ?
Summary
The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to "automagic methods."
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html | ||
secalert@redhat.com | http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in | ||
secalert@redhat.com | http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes | ||
secalert@redhat.com | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
secalert@redhat.com | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
secalert@redhat.com | http://secunia.com/advisories/40049 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/40052 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/42402 | ||
secalert@redhat.com | http://securitytracker.com/id?1024062 | Vendor Advisory | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 | ||
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2010/05/20/5 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0457.html | Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2010-0458.html | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2010/3075 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=576508 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in | ||
af854a3a-2127-422b-91ae-364da2661108 | http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40049 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/40052 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/42402 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1024062 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:115 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2010:116 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2010/05/20/5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0457.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2010-0458.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2010/3075 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=576508 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807 |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
rafael_garcia-suarez | safe | 2.08 | |
rafael_garcia-suarez | safe | 2.09 | |
rafael_garcia-suarez | safe | 2.11 | |
rafael_garcia-suarez | safe | 2.13 | |
rafael_garcia-suarez | safe | 2.14 | |
rafael_garcia-suarez | safe | 2.15 | |
rafael_garcia-suarez | safe | 2.16 | |
rafael_garcia-suarez | safe | 2.17 | |
rafael_garcia-suarez | safe | 2.18 | |
rafael_garcia-suarez | safe | 2.19 | |
rafael_garcia-suarez | safe | 2.20 | |
rafael_garcia-suarez | safe | 2.21 | |
rafael_garcia-suarez | safe | 2.22 | |
rafael_garcia-suarez | safe | 2.23 | |
rafael_garcia-suarez | safe | 2.24 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "7746745C-8CD2-4D73-BC6E-F1DAF00B7E2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "4C790645-E23C-4F3B-951D-6BEC15D5B47A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "864B8E5A-497B-4C89-ABC4-2D0ECEE854D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "D494C134-889D-4C56-A518-2EF02EBB1411", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "F2C2720A-DF3D-4162-ACB5-66A3D09D5A52", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "9DFFCE6E-E9BA-4913-9913-5A3623580871", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "E3A174CC-76C2-4228-A940-5E5C0F9536C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "F5B051FD-5421-4A12-80DB-AA257A4C0552", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "B9EAA44E-54E7-432A-85EF-BAEE98FA4705", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "BA9D8473-B0F3-49D8-BB4B-80868B815D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "EE3853FB-92DE-4FF5-AE31-451E0FF69358", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "CEB616A7-9CDA-4C19-B9B9-21EE88D0B50F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.22:*:*:*:*:*:*:*", "matchCriteriaId": 
"CE932500-4916-40DD-832E-47A6DD052F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "AF506158-4F67-4086-9A41-E6C43D922D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.24:*:*:*:*:*:*:*", "matchCriteriaId": "99A89508-2CB2-4373-9450-FCAF04A64A5F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"" }, { "lang": "es", "value": "El m\u00f3dulo Safe (Safe.pm) en versiones anteriores a la v2.25 de Perl permite a atacantes, dependiendo del contexto, evitar las restricciones de acceso previstas (1) Safe::reval y (2) Safe::rdo, e inyectar y ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores de ataque que involucran m\u00e9todos llamados impl\u00edcitamente y objetos impl\u00edcitamente \"blessed\", como se ha demostrado por los m\u00e9todos (a) DESTROY y (b) AUTOLOAD. Relacionado con los \"automagic methods\"." 
} ], "id": "CVE-2010-1168", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-06-21T16:30:01.133", "references": [ { "source": "secalert@redhat.com", "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "source": "secalert@redhat.com", "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40049" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40052" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42402" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1024062" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "secalert@redhat.com", "url": 
"http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1024062" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2017-12837)
Published
2017-09-19 18:29
Modified
2025-04-20 01:37
Summary
Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.debian.org/security/2017/dsa-3982 | ||
cve@mitre.org | http://www.securityfocus.com/bid/100860 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1492091 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 | Patch, Vendor Advisory | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | Release Notes, Vendor Advisory | |
cve@mitre.org | https://rt.perl.org/Public/Bug/Display.html?id=131582 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20180426-0001/ | ||
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3982 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100860 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1492091 | Issue Tracking, Patch, Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | Release Notes, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=131582 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20180426-0001/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n S_regatom en el archivo regcomp.c en Perl 5 anterior a versi\u00f3n 5.24.3-RC1 y versi\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) por medio de una expresi\u00f3n regular con un escape \u0027\\N{}\u0027 y el modificador que no distingue entre may\u00fasculas y min\u00fasculas." 
} ], "id": "CVE-2017-12837", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-19T18:29:00.167", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100860" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "cve@mitre.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-18311)
Published
2018-12-07 21:29
Modified
2024-11-21 03:55
Summary
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://seclists.org/fulldisclosure/2019/Mar/49 | Mailing List, Third Party Advisory | |
cve@mitre.org | http://www.securityfocus.com/bid/106145 | Third Party Advisory, VDB Entry | |
cve@mitre.org | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
cve@mitre.org | https://access.redhat.com/errata/RHBA-2019:0327 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:0109 | Third Party Advisory | |
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1790 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:1942 | ||
cve@mitre.org | https://access.redhat.com/errata/RHSA-2019:2400 | ||
cve@mitre.org | https://bugzilla.redhat.com/show_bug.cgi?id=1646730 | Issue Tracking, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be | Patch, Third Party Advisory | |
cve@mitre.org | https://kc.mcafee.com/corporate/index?page=content&id=SB10278 | Third Party Advisory | |
cve@mitre.org | https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
cve@mitre.org | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
cve@mitre.org | https://metacpan.org/changes/release/SHAY/perl-5.28.1 | Third Party Advisory | |
cve@mitre.org | https://rt.perl.org/Ticket/Display.html?id=133204 | Issue Tracking, Third Party Advisory | |
cve@mitre.org | https://seclists.org/bugtraq/2019/Mar/42 | Mailing List, Third Party Advisory | |
cve@mitre.org | https://security.gentoo.org/glsa/201909-01 | ||
cve@mitre.org | https://security.netapp.com/advisory/ntap-20190221-0003/ | Third Party Advisory | |
cve@mitre.org | https://support.apple.com/kb/HT209600 | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
cve@mitre.org | https://usn.ubuntu.com/3834-2/ | Third Party Advisory | |
cve@mitre.org | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
cve@mitre.org | https://www.oracle.com/security-alerts/cpujul2020.html | ||
cve@mitre.org | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2019/Mar/49 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106145 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1042181 | Third Party Advisory, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHBA-2019:0327 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0001 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0010 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:0109 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1790 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:1942 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:2400 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1646730 | Issue Tracking, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://kc.mcafee.com/corporate/index?page=content&id=SB10278 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/changes/release/SHAY/perl-5.26.3 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/changes/release/SHAY/perl-5.28.1 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Ticket/Display.html?id=133204 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://seclists.org/bugtraq/2019/Mar/42 | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201909-01 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190221-0003/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/kb/HT209600 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3834-1/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3834-2/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2018/dsa-4347 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2020.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | e-series_santricity_os_controller | - | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdriver | - | |
redhat | openshift_container_platform | 3.11 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_eus | 7.6 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 7.0 | |
apple | mac_os_x | * | |
fedoraproject | fedora | 29 | |
mcafee | web_gateway | * | |
mcafee | web_gateway | * | |
mcafee | web_gateway | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "054E1C6A-1EC3-4877-839C-1C28FCEC501A", "versionEndExcluding": "5.28.1", "versionStartIncluding": "5.28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2EBD848-26BA-4EF6-81C8-83B6DFFC75DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdriver:-:*:*:*:*:unix:*:*", "matchCriteriaId": "19F76A75-CFAE-4E1B-A845-E9E2E236C5DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F4117D-97ED-4DD8-843F-F4147342AAE0", "versionEndExcluding": "7.7.2.21", "versionStartIncluding": "7.7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "70504EAB-FC1C-4E0B-859E-49BD13685E13", "versionEndExcluding": "7.8.2.8", "versionStartIncluding": "7.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D943214-14D8-47BC-BCF4-76B78EE95028", "versionEndExcluding": "8.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura." 
} ], "id": "CVE-2018-18311", "lastModified": "2024-11-21T03:55:40.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-07T21:29:00.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", 
"tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://support.apple.com/kb/HT209600" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "https://support.apple.com/kb/HT209600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-10-07 21:55
Modified
2025-04-11 00:51
Severity ?
Summary
ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS.
References
▶ | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500 | ||
secalert@redhat.com | http://secunia.com/advisories/47015 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/11/30/2 | ||
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/11/30/3 | ||
secalert@redhat.com | http://www.osvdb.org/77428 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/50868 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363 | ||
secalert@redhat.com | https://rt.cpan.org/Public/Bug/Display.html?id=72862 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/47015 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/11/30/2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/11/30/3 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/77428 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/50868 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rt.cpan.org/Public/Bug/Display.html?id=72862 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:frii:proc\\:\\:processtable:0.45:*:*:*:*:*:*:*", "matchCriteriaId": "F99BC44D-5322-411E-9B58-77BCB68E0E8D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F3CC502-19A6-4C80-B68F-71107CE9196C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS." }, { "lang": "es", "value": "ProcessTable.pm en el m\u00f3dulo Proc::ProcessTable v0.45 para Perl, cuando el cach\u00e9 de informaci\u00f3n TTY est\u00e1 activado, permite a usuarios locales sobrescribir ficheros a trav\u00e9s de un ataque de enlaces simb\u00f3licos en /tmp/TTYDEVS." } ], "id": "CVE-2011-4363", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-07T21:55:00.940", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47015" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "source": 
"secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/77428" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/50868" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "source": "secalert@redhat.com", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2014-09-30 16:55
Modified
2025-04-12 10:46
Severity ?
Summary
The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://advisories.mageia.org/MGASA-2014-0406.html | ||
cve@mitre.org | http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html | ||
cve@mitre.org | http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html | Exploit | |
cve@mitre.org | http://seclists.org/fulldisclosure/2014/Sep/84 | Exploit | |
cve@mitre.org | http://seclists.org/oss-sec/2014/q3/692 | Exploit | |
cve@mitre.org | http://secunia.com/advisories/61441 | ||
cve@mitre.org | http://secunia.com/advisories/61961 | ||
cve@mitre.org | http://www.mandriva.com/security/advisories?name=MDVSA-2015:136 | ||
cve@mitre.org | http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html | ||
cve@mitre.org | http://www.securityfocus.com/archive/1/533543/100/0/threaded | ||
cve@mitre.org | http://www.securityfocus.com/bid/70142 | ||
cve@mitre.org | http://www.ubuntu.com/usn/USN-2916-1 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/96216 | ||
cve@mitre.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | ||
cve@mitre.org | https://metacpan.org/pod/distribution/Data-Dumper/Changes | ||
cve@mitre.org | https://www.lsexperts.de/advisories/lse-2014-06-10.txt | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://advisories.mageia.org/MGASA-2014-0406.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/fulldisclosure/2014/Sep/84 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://seclists.org/oss-sec/2014/q3/692 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61441 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/61961 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDVSA-2015:136 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/533543/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/70142 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ubuntu.com/usn/USN-2916-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/96216 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/pod/distribution/Data-Dumper/Changes | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.lsexperts.de/advisories/lse-2014-06-10.txt | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
data_dumper_project | data_dumper | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A06910-39E5-4216-9299-BD5924666B34", "versionEndIncluding": "5.20.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:data_dumper_project:data_dumper:*:*:*:*:*:*:*:*", "matchCriteriaId": "E15A758B-D662-454B-B5ED-707D4490E448", "versionEndIncluding": "2.151", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function." }, { "lang": "es", "value": "El m\u00e9todo Dumper en Data::Dumper anterior a 2.154, utilizado en Perl 5.20.1 y anteriores, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda) a trav\u00e9s de una referencia de array con muchas referencias de array anidadas, lo que provoca un n\u00famero grande de llamadas recursivas a la funci\u00f3n DD_dump." 
} ], "id": "CVE-2014-4330", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T16:55:06.543", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/oss-sec/2014/q3/692" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61441" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61961" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70142" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "source": "cve@mitre.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "cve@mitre.org", "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/oss-sec/2014/q3/692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2016-05-25 15:59
Modified
2025-04-12 10:46
Severity ?
Summary
The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted UTF-8 data, as demonstrated by "a\x80".
References
▶ | URL | Tags | |
---|---|---|---|
security@debian.org | http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html | ||
security@debian.org | http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5 | Vendor Advisory | |
security@debian.org | http://www.openwall.com/lists/oss-security/2016/04/20/5 | ||
security@debian.org | http://www.openwall.com/lists/oss-security/2016/04/20/7 | ||
security@debian.org | http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | ||
security@debian.org | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
security@debian.org | http://www.securityfocus.com/bid/86707 | ||
security@debian.org | https://bugzilla.redhat.com/show_bug.cgi?id=1329106 | ||
security@debian.org | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | ||
security@debian.org | https://rt.perl.org/Public/Bug/Display.html?id=123562 | ||
security@debian.org | https://security.gentoo.org/glsa/201701-75 | ||
security@debian.org | https://usn.ubuntu.com/3625-1/ | ||
security@debian.org | https://usn.ubuntu.com/3625-2/ | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2016/04/20/7 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/86707 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=1329106 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://rt.perl.org/Public/Bug/Display.html?id=123562 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201701-75 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3625-2/ |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 22 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "546DB67C-2B49-4C49-B394-C6B2BD417EB0", "versionEndIncluding": "5.23.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"" }, { "lang": "es", "value": "Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de datos utf-8 manipulados, seg\u00fan lo demostrado por \"a\\x80\"." 
} ], "id": "CVE-2015-8853", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-05-25T15:59:01.473", "references": [ { "source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "security@debian.org", "url": 
"http://www.securityfocus.com/bid/86707" }, { "source": "security@debian.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "source": "security@debian.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "security@debian.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "security@debian.org", "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "security@debian.org", "url": "https://usn.ubuntu.com/3625-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/86707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3625-2/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2020-06-05 14:15
Modified
2024-11-21 04:55
Severity ?
Summary
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
References
▶ | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html | Mailing List, Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
cve@mitre.org | https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 | Third Party Advisory | |
cve@mitre.org | https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed | Patch, Third Party Advisory | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ | ||
cve@mitre.org | https://security.gentoo.org/glsa/202006-03 | Third Party Advisory | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20200611-0001/ | Third Party Advisory | |
cve@mitre.org | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
cve@mitre.org | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html | Mailing List, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/202006-03 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20200611-0001/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com//security-alerts/cpujul2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuApr2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuapr2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2021.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujan2022.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2020.html | Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpuoct2021.html | Patch, Third Party Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * (versions before 5.30.3; CPE target hardware x86) | |
fedoraproject | fedora | 31 | |
opensuse | leap | 15.1 | |
oracle | communications_billing_and_revenue_management | 12.0.0.2.0 | |
oracle | communications_billing_and_revenue_management | 12.0.0.3.0 | |
oracle | communications_diameter_signaling_router | * (8.0.0 through 8.5.0) | |
oracle | communications_eagle_application_processor | * (16.1.0 through 16.4.0) | |
oracle | communications_eagle_lnp_application_processor | 10.1 | |
oracle | communications_eagle_lnp_application_processor | 10.2 | |
oracle | communications_eagle_lnp_application_processor | 46.7 | |
oracle | communications_eagle_lnp_application_processor | 46.8 | |
oracle | communications_eagle_lnp_application_processor | 46.9 | |
oracle | communications_lsms | * (13.1 through 13.4) | |
oracle | communications_offline_mediation_controller | 12.0.0.3.0 | |
oracle | communications_performance_intelligence_center | * (10.3.0.0.0 through 10.3.0.2.1) | |
oracle | communications_performance_intelligence_center | * (10.4.0.1.0 through 10.4.0.3.1) | |
oracle | communications_pricing_design_center | 12.0.0.3.0 | |
oracle | configuration_manager | 12.1.2.0.8 | |
oracle | enterprise_manager_base_platform | 13.4.0.0 | |
oracle | sd-wan_edge | 8.2 | |
oracle | sd-wan_edge | 9.0 | |
oracle | sd-wan_edge | 9.1 | |
oracle | tekelec_platform_distribution | * (7.4.0 through 7.7.1) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*", "matchCriteriaId": "FF17E933-217A-4DDA-91C2-FEF2739550A1", "versionEndExcluding": "5.30.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512", "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." }, { "lang": "es", "value": "Perl versiones anteriores a 5.30.3 en plataformas de 32 bits permite un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria porque los cuantificadores de expresiones regulares anidadas presentan un desbordamiento de enteros" } ], "id": "CVE-2020-10543", "lastModified": "2024-11-21T04:55:32.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-05T14:15:10.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2011-09-14 16:05
Modified
2025-04-11 00:51
Severity ?
Summary
The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511 | Exploit, Patch | |
secalert@redhat.com | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html | Exploit, Patch | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/06/12/3 | Exploit, Patch | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/06/13/13 | Exploit, Patch | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/06/13/5 | ||
secalert@redhat.com | http://www.securityfocus.com/bid/48167 | Exploit | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=712694 | Exploit, Patch | |
secalert@redhat.com | https://rt.cpan.org/Public/Bug/Display.html?id=61792 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/06/12/3 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/06/13/13 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/06/13/5 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/48167 | Exploit | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=712694 | Exploit, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.cpan.org/Public/Bug/Display.html?id=61792 | Exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
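mark_stosberg | data\:\:formvalidator | * (up to and including 4.66) | |
mark_stosberg | data\:\:formvalidator | 1.3 | |
mark_stosberg | data\:\:formvalidator | 1.4 | |
mark_stosberg | data\:\:formvalidator | 1.5 | |
mark_stosberg | data\:\:formvalidator | 1.5.1 | |
mark_stosberg | data\:\:formvalidator | 1.6 | |
mark_stosberg | data\:\:formvalidator | 1.7 | |
mark_stosberg | data\:\:formvalidator | 1.8 | |
mark_stosberg | data\:\:formvalidator | 1.9 | |
mark_stosberg | data\:\:formvalidator | 1.10 | |
mark_stosberg | data\:\:formvalidator | 1.11 | |
mark_stosberg | data\:\:formvalidator | 1.91 | |
mark_stosberg | data\:\:formvalidator | 1.92 | |
mark_stosberg | data\:\:formvalidator | 1.93 | |
mark_stosberg | data\:\:formvalidator | 2.00 | |
mark_stosberg | data\:\:formvalidator | 2.01 | |
mark_stosberg | data\:\:formvalidator | 2.02 | |
mark_stosberg | data\:\:formvalidator | 2.03 | |
mark_stosberg | data\:\:formvalidator | 2.04 | |
mark_stosberg | data\:\:formvalidator | 2.10 | |
mark_stosberg | data\:\:formvalidator | 2.11_01 | |
mark_stosberg | data\:\:formvalidator | 2.11_02 | |
mark_stosberg | data\:\:formvalidator | 2.11_03 | |
mark_stosberg | data\:\:formvalidator | 2.11_04 | |
mark_stosberg | data\:\:formvalidator | 3.00 | |
mark_stosberg | data\:\:formvalidator | 3.01 | |
mark_stosberg | data\:\:formvalidator | 3.10 | |
mark_stosberg | data\:\:formvalidator | 3.11 | |
mark_stosberg | data\:\:formvalidator | 3.12 | |
mark_stosberg | data\:\:formvalidator | 3.13 | |
mark_stosberg | data\:\:formvalidator | 3.14 | |
mark_stosberg | data\:\:formvalidator | 3.15 | |
mark_stosberg | data\:\:formvalidator | 3.49_1 | |
mark_stosberg | data\:\:formvalidator | 3.50 | |
mark_stosberg | data\:\:formvalidator | 3.51 | |
mark_stosberg | data\:\:formvalidator | 3.52 | |
mark_stosberg | data\:\:formvalidator | 3.53 | |
mark_stosberg | data\:\:formvalidator | 3.54 | |
mark_stosberg | data\:\:formvalidator | 3.55 | |
mark_stosberg | data\:\:formvalidator | 3.56 | |
mark_stosberg | data\:\:formvalidator | 3.57 | |
mark_stosberg | data\:\:formvalidator | 3.58 | |
mark_stosberg | data\:\:formvalidator | 3.59 | |
mark_stosberg | data\:\:formvalidator | 3.60 | |
mark_stosberg | data\:\:formvalidator | 3.61 | |
mark_stosberg | data\:\:formvalidator | 3.62 | |
mark_stosberg | data\:\:formvalidator | 3.63 | |
mark_stosberg | data\:\:formvalidator | 4.00 | |
mark_stosberg | data\:\:formvalidator | 4.01 | |
mark_stosberg | data\:\:formvalidator | 4.02 | |
mark_stosberg | data\:\:formvalidator | 4.10 | |
mark_stosberg | data\:\:formvalidator | 4.11 | |
mark_stosberg | data\:\:formvalidator | 4.12 | |
mark_stosberg | data\:\:formvalidator | 4.13 | |
mark_stosberg | data\:\:formvalidator | 4.14 | |
mark_stosberg | data\:\:formvalidator | 4.20 | |
mark_stosberg | data\:\:formvalidator | 4.30 | |
mark_stosberg | data\:\:formvalidator | 4.40 | |
mark_stosberg | data\:\:formvalidator | 4.49_01 | |
mark_stosberg | data\:\:formvalidator | 4.50 | |
mark_stosberg | data\:\:formvalidator | 4.51 | |
mark_stosberg | data\:\:formvalidator | 4.52 | |
mark_stosberg | data\:\:formvalidator | 4.53 | |
mark_stosberg | data\:\:formvalidator | 4.54 | |
mark_stosberg | data\:\:formvalidator | 4.55 | |
mark_stosberg | data\:\:formvalidator | 4.56 | |
mark_stosberg | data\:\:formvalidator | 4.57 | |
mark_stosberg | data\:\:formvalidator | 4.60 | |
mark_stosberg | data\:\:formvalidator | 4.61 | |
mark_stosberg | data\:\:formvalidator | 4.62 | |
mark_stosberg | data\:\:formvalidator | 4.63 | |
mark_stosberg | data\:\:formvalidator | 4.65 | |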
perl | perl | * (platform only; the CPE match marks it "vulnerable": false) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFABCFBC-0EC9-4DF4-B36E-C657272183A1", "versionEndIncluding": "4.66", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "672D4776-8D5B-4819-8BF3-AEDF26C3D96C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE0F8CE2-8032-4B42-954A-A2FE17756FD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A1F5875-286A-400B-BD54-C126DBF9208D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4AE171E-7047-4028-8111-FBF69A2CA8BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "487D174E-2DE8-43BD-B775-2821D4664FAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "564A8717-1CCE-4210-B371-610B3CF77864", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F1260F48-15C0-4BB3-B7BF-FAE2FBD48730", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "AE318DEF-513B-4B8D-A234-BE163F999615", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "89D205BE-D742-4835-BA7B-858A1CE1E573", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "E52CDBF8-F834-4F34-8D4A-05BDF9F0D72A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"2137D5D4-8007-454F-A212-1766B7F439F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.92:*:*:*:*:*:*:*", "matchCriteriaId": "76788109-9544-4257-8371-07370FB6D8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.93:*:*:*:*:*:*:*", "matchCriteriaId": "405BB5BA-4723-4847-8748-61A69E7F53CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "131D4215-C4DC-4780-AA5B-06C1FEE61BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "4AEF3AE5-D0A4-4C68-89DB-696CBB716434", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "0F844F48-EC40-422A-8088-BFC1647D6A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "E4034AF6-877B-477D-9C89-9AF4F5A3B08A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "18F27023-9062-49BA-A8FC-52DFB1A56E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "1A409D95-DFA5-4A59-BC40-F593E280E007", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_01:*:*:*:*:*:*:*", "matchCriteriaId": "76DCC3E8-9419-4359-ACA9-88B45881BC9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_02:*:*:*:*:*:*:*", "matchCriteriaId": "225F296B-AA04-426D-85EE-07CF3173F8E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_03:*:*:*:*:*:*:*", "matchCriteriaId": "D2B45194-6487-42A7-AF51-F065E60DF18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_04:*:*:*:*:*:*:*", "matchCriteriaId": 
"A4485908-3E21-4223-8349-3FBAD619A217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "8998E587-98CA-4D3B-8388-45F181DAE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "E98A159C-36EF-4764-849E-C548639BF888", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "DCD58054-2DCB-4CAD-8C4E-22D994E59A0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "E44C0AD3-ACB5-41AD-BFF3-C3423C7438E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "18E52F34-8A1B-452B-966E-CD553580028B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.13:*:*:*:*:*:*:*", "matchCriteriaId": "9CC2BD62-0445-415D-B8BB-37EB70F4358D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "50A22B36-721E-4D4F-B37C-52927170029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.15:*:*:*:*:*:*:*", "matchCriteriaId": "1C6C294C-90E6-4150-8976-508693BD3DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.49_1:*:*:*:*:*:*:*", "matchCriteriaId": "D60A3C8F-E980-451B-BDF5-5D9A712BC3B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.50:*:*:*:*:*:*:*", "matchCriteriaId": "0D4C0776-F778-47AF-9099-D7567AA72C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.51:*:*:*:*:*:*:*", "matchCriteriaId": "93A9749E-644A-4863-82C9-766AD7CA288D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.52:*:*:*:*:*:*:*", "matchCriteriaId": 
"727FEE1D-23F9-4451-8072-34DDCBCAAE74", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.53:*:*:*:*:*:*:*", "matchCriteriaId": "AA70B179-D7EE-472B-882D-474BBBE23699", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.54:*:*:*:*:*:*:*", "matchCriteriaId": "51CD2258-08DF-4383-9B0F-6BB15CD5A5E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.55:*:*:*:*:*:*:*", "matchCriteriaId": "C4C966AF-A159-4B5B-B0D8-6AD08B8929C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.56:*:*:*:*:*:*:*", "matchCriteriaId": "B3AEBE47-23B4-47A4-8E99-0008400AAF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.57:*:*:*:*:*:*:*", "matchCriteriaId": "1870B0DC-6BD0-4EFC-8716-772730845ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.58:*:*:*:*:*:*:*", "matchCriteriaId": "8D302C63-E567-4552-9850-9EDEF4C9956A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.59:*:*:*:*:*:*:*", "matchCriteriaId": "CE55ACEB-ECC0-4F9E-BAEF-3F8F1B4FFC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.60:*:*:*:*:*:*:*", "matchCriteriaId": "4346B371-A067-45C5-A996-F8E9F6A64335", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.61:*:*:*:*:*:*:*", "matchCriteriaId": "FC0B54BA-7C06-40BC-AF06-1FA8DD55EB30", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.62:*:*:*:*:*:*:*", "matchCriteriaId": "E4B664DE-93D4-4884-9DF4-5EBA1E9FDF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.63:*:*:*:*:*:*:*", "matchCriteriaId": "E48EBC0D-2B32-4478-A453-437B4708C3CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.00:*:*:*:*:*:*:*", "matchCriteriaId": 
"EAA8D79F-7FD4-49ED-B862-4C5F9F69E189", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B47A1DEE-DB01-4525-AB1F-0ECB9418FE45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.02:*:*:*:*:*:*:*", "matchCriteriaId": "E055B23E-E478-4CE9-961C-36FAB8A2D6E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "F4C0DB0A-A0C1-47D4-A480-8CD0DA799751", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "51229D5C-47E6-4DE6-8980-C9D463FBD767", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "519DC991-4D87-4BF1-84ED-DE2C0B541989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "BD26998A-A9A2-4A19-96A4-A63F8565090C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "6487F14B-3779-4612-8582-7E8875425BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.20:*:*:*:*:*:*:*", "matchCriteriaId": "7BC665D0-7F02-4A50-AAB6-6D5AB6CE32A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "D91D8001-0F08-4BF6-9140-F39A94F614F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.40:*:*:*:*:*:*:*", "matchCriteriaId": "6D3E7868-5992-491F-A17F-D60A60943912", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.49_01:*:*:*:*:*:*:*", "matchCriteriaId": "02FA1232-DBE9-4F7F-A1E4-89E0E2A66F4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.50:*:*:*:*:*:*:*", "matchCriteriaId": 
"450FCFE6-BDDD-4654-A730-798B298E6DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.51:*:*:*:*:*:*:*", "matchCriteriaId": "95D6EAC7-1215-426D-BBAB-0CDFB2D9D462", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.52:*:*:*:*:*:*:*", "matchCriteriaId": "D42D9B8C-5FE3-4987-90D2-13252EF9ADE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.53:*:*:*:*:*:*:*", "matchCriteriaId": "C9C4526E-EEDE-4A91-B1AD-8F8B70047045", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.54:*:*:*:*:*:*:*", "matchCriteriaId": "6DAB3AC5-3629-4A7C-9B97-E463EC58363A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.55:*:*:*:*:*:*:*", "matchCriteriaId": "16B7B04C-7CF5-4C34-BFBA-57850A70C97A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.56:*:*:*:*:*:*:*", "matchCriteriaId": "140D6FB5-6EBF-476D-BA63-D75283786EF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.57:*:*:*:*:*:*:*", "matchCriteriaId": "6EEC6A01-0480-413F-8DE4-CDDF5586C277", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.60:*:*:*:*:*:*:*", "matchCriteriaId": "E7F5E661-8B88-42D0-8C50-9F7673C5D0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.61:*:*:*:*:*:*:*", "matchCriteriaId": "698232CE-1461-43A3-9B4E-47698B5F81C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.62:*:*:*:*:*:*:*", "matchCriteriaId": "08EF5774-2E9C-42E8-8621-8619D6B9A195", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.63:*:*:*:*:*:*:*", "matchCriteriaId": "D12DA159-B0E2-47BA-A75D-E06FB6ED288E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.65:*:*:*:*:*:*:*", "matchCriteriaId": 
"DBE69C8F-F659-43AE-8A7A-D3D02B2D2FE9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input." }, { "lang": "es", "value": "El m\u00f3dulo Data::FormValidator v4.66 y anteriores para Perl, cuando untaint_all_constraints est\u00e1 activada, no conserva correctamente el atributo taint de los datos, lo que podr\u00eda permitir a atacantes remotos evitar el mecanismo de protecci\u00f3n ante corrupci\u00f3n de datos a trav\u00e9s de un formulario de entrada." } ], "id": "CVE-2011-2201", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-14T16:05:23.527", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" }, { 
"source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/48167" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/48167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2009-04-30 20:30
Modified
2025-04-09 00:30
Severity ?
Summary
Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
cve@mitre.org | http://secunia.com/advisories/34909 | ||
cve@mitre.org | http://secunia.com/advisories/35058 | ||
cve@mitre.org | http://secunia.com/advisories/35685 | ||
cve@mitre.org | http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz | Patch | |
cve@mitre.org | http://www.debian.org/security/2009/dsa-1780 | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-0479.html | ||
cve@mitre.org | http://www.redhat.com/support/errata/RHSA-2009-1067.html | ||
cve@mitre.org | http://www.securityfocus.com/bid/34755 | ||
cve@mitre.org | https://exchange.xforce.ibmcloud.com/vulnerabilities/50467 | ||
cve@mitre.org | https://launchpad.net/bugs/cve/2009-0663 | ||
cve@mitre.org | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/34909 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35058 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/35685 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2009/dsa-1780 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-0479.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2009-1067.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/34755 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/50467 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://launchpad.net/bugs/cve/2009-0663 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:cmu:dbd\\:\\:pg:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "0B17A3CD-3BF4-41AE-B755-6C5FA6401DEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en el m\u00f3dulo DBD::Pg (alias DBD-Pg o libdbd-pg-perl) v1.49 para Perl podr\u00eda permitir a atacantes, dependiendo del contexto, ejecutar c\u00f3digo arbitrario a trav\u00e9s de una entrada sin especificar a una aplicaci\u00f3n que utiliza las funciones getline y pg_getline para leer filas de la base de datos." 
} ], "id": "CVE-2009-0663", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-30T20:30:00.187", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34909" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35058" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35685" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1780" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34755" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "source": "cve@mitre.org", "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2023-04-29 00:15
Modified
2024-11-21 08:01
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS.
References
Source | URL | Tags | |
---|---|---|---|
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List, Patch | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List, Patch | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List | |
cve@mitre.org | http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List | |
cve@mitre.org | https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation, Patch, Third Party Advisory | |
cve@mitre.org | https://github.com/andk/cpanpm/pull/175 | Exploit, Issue Tracking | |
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/ | ||
cve@mitre.org | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/ | ||
cve@mitre.org | https://metacpan.org/dist/CPAN/changes | Release Notes | |
cve@mitre.org | https://security.netapp.com/advisory/ntap-20240621-0007/ | ||
cve@mitre.org | https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/04/29/1 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/05/03/3 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/05/03/5 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2023/05/07/2 | Mailing List | |
af854a3a-2127-422b-91ae-364da2661108 | https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/ | Mitigation, Patch, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://github.com/andk/cpanpm/pull/175 | Exploit, Issue Tracking | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://metacpan.org/dist/CPAN/changes | Release Notes | |
af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20240621-0007/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.openwall.com/lists/oss-security/2023/04/18/14 | Mailing List, Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
cpanpm_project | cpanpm | * | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanpm_project:cpanpm:*:*:*:*:*:*:*:*", "matchCriteriaId": "90D5B630-223B-4035-89FF-84D4BD0D7C32", "versionEndExcluding": "2.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "00980675-EC82-443D-AFFE-B83E5239DAB9", "versionEndExcluding": "5.38.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS." } ], "id": "CVE-2023-31484", "lastModified": "2024-11-21T08:01:57.707", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-04-29T00:15:09.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": 
"http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/andk/cpanpm/pull/175" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://metacpan.org/dist/CPAN/changes" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", 
"Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/andk/cpanpm/pull/175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://metacpan.org/dist/CPAN/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Published
2005-12-01 17:03
Modified
2025-04-03 01:03
Severity ?
Summary
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch | ||
secalert@redhat.com | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch | ||
secalert@redhat.com | ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U | ||
secalert@redhat.com | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 | ||
secalert@redhat.com | http://docs.info.apple.com/article.html?artnum=304829 | ||
secalert@redhat.com | http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html | ||
secalert@redhat.com | http://marc.info/?l=full-disclosure&m=113342788118630&w=2 | ||
secalert@redhat.com | http://secunia.com/advisories/17762 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/17802 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/17844 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/17941 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/17952 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/17993 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/18075 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/18183 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/18187 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/18295 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/18413 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/18517 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/19041 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/20894 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/23155 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/31208 | Vendor Advisory | |
secalert@redhat.com | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 | ||
secalert@redhat.com | http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | ||
secalert@redhat.com | http://www.debian.org/security/2006/dsa-943 | ||
secalert@redhat.com | http://www.dyadsecurity.com/perl-0002.html | Patch, Vendor Advisory | |
secalert@redhat.com | http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml | ||
secalert@redhat.com | http://www.ipcop.org/index.php?name=News&file=article&sid=41 | ||
secalert@redhat.com | http://www.kb.cert.org/vuls/id/948385 | US Government Resource | |
secalert@redhat.com | http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 | ||
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_29_sr.html | ||
secalert@redhat.com | http://www.novell.com/linux/security/advisories/2005_71_perl.html | ||
secalert@redhat.com | http://www.openbsd.org/errata37.html#perl | ||
secalert@redhat.com | http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html | ||
secalert@redhat.com | http://www.osvdb.org/21345 | ||
secalert@redhat.com | http://www.osvdb.org/22255 | ||
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-880.html | Vendor Advisory | |
secalert@redhat.com | http://www.redhat.com/support/errata/RHSA-2005-881.html | Vendor Advisory | |
secalert@redhat.com | http://www.securityfocus.com/archive/1/418333/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/438726/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/archive/1/438726/100/0/threaded | ||
secalert@redhat.com | http://www.securityfocus.com/bid/15629 | ||
secalert@redhat.com | http://www.trustix.org/errata/2005/0070 | ||
secalert@redhat.com | http://www.us-cert.gov/cas/techalerts/TA06-333A.html | US Government Resource | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2005/2688 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2006/0771 | ||
secalert@redhat.com | http://www.vupen.com/english/advisories/2006/2613 | Vendor Advisory | |
secalert@redhat.com | http://www.vupen.com/english/advisories/2006/4750 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 | ||
secalert@redhat.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 | ||
secalert@redhat.com | https://usn.ubuntu.com/222-1/ | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch | ||
af854a3a-2127-422b-91ae-364da2661108 | ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U | ||
af854a3a-2127-422b-91ae-364da2661108 | http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://docs.info.apple.com/article.html?artnum=304829 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://marc.info/?l=full-disclosure&m=113342788118630&w=2 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17762 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17802 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17844 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17941 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17952 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/17993 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18075 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18183 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18187 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18295 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18413 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/18517 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/19041 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/20894 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/23155 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/31208 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2006/dsa-943 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.dyadsecurity.com/perl-0002.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.ipcop.org/index.php?name=News&file=article&sid=41 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.kb.cert.org/vuls/id/948385 | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_29_sr.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.novell.com/linux/security/advisories/2005_71_perl.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openbsd.org/errata37.html#perl | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/21345 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.osvdb.org/22255 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-880.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.redhat.com/support/errata/RHSA-2005-881.html | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/418333/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/438726/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/archive/1/438726/100/0/threaded | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/15629 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.trustix.org/errata/2005/0070 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.us-cert.gov/cas/techalerts/TA06-333A.html | US Government Resource | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2005/2688 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/0771 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/2613 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.vupen.com/english/advisories/2006/4750 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/222-1/ | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications." } ], "id": "CVE-2005-3962", "lastModified": "2025-04-03T01:03:51.193", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-01T17:03:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "source": "secalert@redhat.com", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "source": "secalert@redhat.com", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "source": 
"secalert@redhat.com", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17762" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17802" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17844" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17941" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17952" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17993" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18075" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18183" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18187" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18295" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18413" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18517" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19041" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20894" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/23155" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31208" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-943" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "source": "secalert@redhat.com", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata37.html#perl" }, { "source": "secalert@redhat.com", "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/21345" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/22255" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, 
{ "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15629" }, { "source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2005/0070" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/222-1/" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata37.html#perl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2005/0070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/222-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2011-3599
Vulnerability from fkie_nvd
Published
2011-10-10 10:55
Modified
2025-04-11 00:51
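Severity
5.8 (Medium) - CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N (nvd@nist.gov, Primary; the record carries no CVSS v3 score)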
Summary
The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://osvdb.org/76025 | ||
secalert@redhat.com | http://secunia.com/advisories/46275 | Vendor Advisory | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/10/05/5 | Patch | |
secalert@redhat.com | http://www.openwall.com/lists/oss-security/2011/10/05/9 | Patch | |
secalert@redhat.com | http://www.securityfocus.com/bid/49928 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=743567 | Patch | |
secalert@redhat.com | https://rt.cpan.org/Public/Bug/Display.html?id=71421 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://osvdb.org/76025 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/46275 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/10/05/5 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.openwall.com/lists/oss-security/2011/10/05/9 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/49928 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=743567 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://rt.cpan.org/Public/Bug/Display.html?id=71421 | Patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
adam_kennedy | crypt-dsa | * | |
adam_kennedy | crypt-dsa | 0.01 | |
adam_kennedy | crypt-dsa | 0.02 | |
adam_kennedy | crypt-dsa | 0.03 | |
adam_kennedy | crypt-dsa | 0.10 | |
adam_kennedy | crypt-dsa | 0.11 | |
adam_kennedy | crypt-dsa | 0.12 | |
adam_kennedy | crypt-dsa | 0.13 | |
adam_kennedy | crypt-dsa | 0.14 | |
adam_kennedy | crypt-dsa | 0.15_01 | |
adam_kennedy | crypt-dsa | 1.16 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6291000-01BD-4677-A83E-5AD03CA19ED8", "versionEndIncluding": "1.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.01:*:*:*:*:*:*:*", "matchCriteriaId": "380B4E21-01EE-4AA7-8C3C-8FF9109AC13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.02:*:*:*:*:*:*:*", "matchCriteriaId": "64C17BCB-BEFB-463B-9E19-E534739B6143", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.03:*:*:*:*:*:*:*", "matchCriteriaId": "C26BED95-412E-479F-8876-DEB487954F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8FD92-1C81-4115-82AA-07340ED8788F", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "0FC2BBA6-1432-42A0-B8B3-6D79C2881543", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "5A7EE54C-6B92-48AC-A512-DF3F410034F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE4E97-1BCC-482C-9977-DC57B7E19A59", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4D590C83-D144-413B-811C-11E9D19BC0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.15_01:*:*:*:*:*:*:*", "matchCriteriaId": "C14C8C9F-BF85-4921-B017-2E3E63AC1FD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "066E1B1A-589B-47E2-AD79-BD24FEF94DBD", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": 
[], "descriptions": [ { "lang": "en", "value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack." }, { "lang": "es", "value": "El m\u00f3dulo Crypt::DSA (tambi\u00e9n conocido como Crypt-DSA) v1.17 y anterior para Perl, cuando /dev/random est\u00e1 ausente, usa el m\u00f3dulo Data::Random, lo que hace m\u00e1s f\u00e1cil para atacantes remotos falsificar la firma, o determinar una clave de firma en un mensaje firmado, a trav\u00e9s de un ataque de fuerza bruta." } ], "id": "CVE-2011-3599", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.863", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/76025" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46275" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49928" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/76025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2009-1884
Vulnerability from fkie_nvd
Published
2009-08-19 17:30
Modified
2025-04-09 00:30
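Severity
4.3 (Medium) - CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:N/A:P (nvd@nist.gov, Primary; the record carries no CVSS v3 score)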
Summary
Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | http://secunia.com/advisories/36386 | Vendor Advisory | |
secalert@redhat.com | http://secunia.com/advisories/36415 | ||
secalert@redhat.com | http://security.gentoo.org/glsa/glsa-200908-07.xml | ||
secalert@redhat.com | http://www.securityfocus.com/bid/36082 | Patch | |
secalert@redhat.com | https://bugs.gentoo.org/show_bug.cgi?id=281955 | ||
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=518278 | ||
secalert@redhat.com | https://exchange.xforce.ibmcloud.com/vulnerabilities/52628 | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html | ||
secalert@redhat.com | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html | ||
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36386 | Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://secunia.com/advisories/36415 | ||
af854a3a-2127-422b-91ae-364da2661108 | http://security.gentoo.org/glsa/glsa-200908-07.xml | ||
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/36082 | Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.gentoo.org/show_bug.cgi?id=281955 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=518278 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://exchange.xforce.ibmcloud.com/vulnerabilities/52628 | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html | ||
af854a3a-2127-422b-91ae-364da2661108 | https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
bzip | compress-raw-bzip2 | * | |
bzip | compress-raw-bzip2 | 2.0.00_10 | |
bzip | compress-raw-bzip2 | 2.0.00_12 | |
bzip | compress-raw-bzip2 | 2.0.00_14 | |
bzip | compress-raw-bzip2 | 2.0.01 | |
bzip | compress-raw-bzip2 | 2.0.02 | |
bzip | compress-raw-bzip2 | 2.0.03 | |
bzip | compress-raw-bzip2 | 2.0.05 | |
bzip | compress-raw-bzip2 | 2.0.06 | |
bzip | compress-raw-bzip2 | 2.0.08 | |
bzip | compress-raw-bzip2 | 2.0.09 | |
bzip | compress-raw-bzip2 | 2.010 | |
bzip | compress-raw-bzip2 | 2.011 | |
bzip | compress-raw-bzip2 | 2.012 | |
bzip | compress-raw-bzip2 | 2.014 | |
bzip | compress-raw-bzip2 | 2.015 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C58C65A-621E-4EF4-ACD2-2B26ED08EA48", "versionEndIncluding": "2.017", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_10:*:*:*:*:*:*:*", "matchCriteriaId": "60FA80AE-D536-4323-9628-514C262DA129", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_12:*:*:*:*:*:*:*", "matchCriteriaId": "B324E22C-0273-42C5-BF76-4C54AF6578A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_14:*:*:*:*:*:*:*", "matchCriteriaId": "CD46A223-9CB9-48A4-B52D-8621B87AAAA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "B51D3C0F-0537-4240-841B-70B21DBD4C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "3D5A547D-5E85-4257-A71D-63078C5FF30A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "86CB8226-B0EC-4CB9-9678-6B127679A31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "2F2C6E05-1CD8-4450-A101-3C2270A64B9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "D38E1A94-AA44-48AE-84A4-5C64451DFE96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "79442C31-96B2-4CEA-9AEB-DB7F332E938C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "802DF28F-724C-49E8-920E-E6CBA8E296DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.010:*:*:*:*:*:*:*", "matchCriteriaId": "C5C1D31B-123E-4294-81B6-46E4241C16DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.011:*:*:*:*:*:*:*", 
"matchCriteriaId": "A3F7EC80-16B6-4754-A8BE-28782D2FDC86", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.012:*:*:*:*:*:*:*", "matchCriteriaId": "9FA78C9F-1925-4435-BFBD-129836C12238", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.014:*:*:*:*:*:*:*", "matchCriteriaId": "8E299424-8560-4DCF-BDC1-8F88F0E7E8DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.015:*:*:*:*:*:*:*", "matchCriteriaId": "3026DDC6-DDCF-4244-A657-B45FAA6E4942", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (Off-by-one) en la funci\u00f3n bzinflate en Bzip2.xs en el m\u00f3dulo Compress-Raw-Bzip2 anterior a v2.018 para Perl permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n o ca\u00edda) a trav\u00e9s de un stream comprimido de bzip2 que inicia un desbordamiento de b\u00fafer, una situaci\u00f3n parecida a CVE-2009-1391." 
} ], "id": "CVE-2009-1884", "lastModified": "2025-04-09T00:30:58.490", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-19T17:30:00.953", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36386" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36415" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/36082" }, { "source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/36082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2023-47038
Vulnerability from fkie_nvd
Published
2023-12-18 14:15
Modified
2025-03-27 14:42
Severity
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H (secalert@redhat.com, Secondary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (nvd@nist.gov, Primary)
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker-controlled byte buffer overflow in a heap-allocated buffer.
References
Source | URL | Tags | |
---|---|---|---|
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:2228 | Third Party Advisory | |
secalert@redhat.com | https://access.redhat.com/errata/RHSA-2024:3128 | Third Party Advisory | |
secalert@redhat.com | https://access.redhat.com/security/cve/CVE-2023-47038 | Third Party Advisory, Broken Link | |
secalert@redhat.com | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | Mailing List, Patch | |
secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:2228 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2024:3128 | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/security/cve/CVE-2023-47038 | Third Party Advisory, Broken Link | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | Mailing List, Patch | |
af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | Issue Tracking, Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/ | Third Party Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property | Vendor Advisory |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
fedoraproject | fedora | 39 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 | |
redhat | enterprise_linux_aus | 9.4 | |
redhat | enterprise_linux_eus | 9.4 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "B51B53EA-B6C9-4B23-AEE4-F365D857C625", "versionEndIncluding": "5.38.0", "versionStartIncluding": "5.30.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*", "matchCriteriaId": "B8EDB836-4E6A-4B71-B9B2-AA3E03E0F646", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_aus:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "971CFA68-0667-40A0-81B0-51345AF8C1D6", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.4:*:*:*:*:*:*:*", "matchCriteriaId": "B03506D7-0FCD-47B7-90F6-DDEEB5C5A733", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Perl. Este problema ocurre cuando Perl compila una expresi\u00f3n regular manipulada, lo que puede permitir que un atacante controle el desbordamiento de b\u00fafer de bytes en un b\u00fafer asignado en el almacenamiento din\u00e1mico." 
} ], "id": "CVE-2023-47038", "lastModified": "2025-03-27T14:42:34.873", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T14:15:08.933", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "Broken Link" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Broken Link" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }