CPANSA-perl-2005-3962: perl vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2005-12-01T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2005-12-01T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | | Severity | |
Original language | | Language | en |
Also referred to | | | |
Vulnerability Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Vulnerabilities
CVE-2005-3962
Vulnerability Description
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
Weakness | CWE-189 : Numeric Errors |
---|
Product status
Known affected
Product | Score |
---|---|
perl less than 5.10.0 | |
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2005-3962 JSON (self): https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2005/cpansa-perl-2005-3962.json
- http://www.dyadsecurity.com/perl-0002.html (external)
- http://www.kb.cert.org/vuls/id/948385 (external)
- http://www.securityfocus.com/bid/15629 (external)
- http://secunia.com/advisories/17802 (external)
- http://secunia.com/advisories/17844 (external)
- http://secunia.com/advisories/17762 (external)
- http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html (external)
- http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml (external)
- http://www.trustix.org/errata/2005/0070 (external)
- http://secunia.com/advisories/17941 (external)
- http://secunia.com/advisories/17952 (external)
- http://www.redhat.com/support/errata/RHSA-2005-880.html (external)
- http://www.novell.com/linux/security/advisories/2005_71_perl.html (external)
- http://secunia.com/advisories/18183 (external)
- http://secunia.com/advisories/18187 (external)
- http://www.redhat.com/support/errata/RHSA-2005-881.html (external)
- http://secunia.com/advisories/18075 (external)
- http://www.openbsd.org/errata37.html#perl (external)
- http://secunia.com/advisories/18295 (external)
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch (external)
- http://www.osvdb.org/21345 (external)
- http://www.osvdb.org/22255 (external)
- ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U (external)
- http://secunia.com/advisories/18517 (external)
- http://secunia.com/advisories/17993 (external)
- https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html (external)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 (external)
- http://secunia.com/advisories/19041 (external)
- http://www.debian.org/security/2006/dsa-943 (external)
- http://secunia.com/advisories/18413 (external)
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 (external)
- http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm (external)
- http://www.novell.com/linux/security/advisories/2005_29_sr.html (external)
- http://secunia.com/advisories/20894 (external)
- http://docs.info.apple.com/article.html?artnum=304829 (external)
- http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html (external)
- http://www.us-cert.gov/cas/techalerts/TA06-333A.html (external)
- http://secunia.com/advisories/23155 (external)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 (external)
- http://www.ipcop.org/index.php?name=News&file=article&sid=41 (external)
- http://secunia.com/advisories/31208 (external)
- http://www.vupen.com/english/advisories/2006/2613 (external)
- http://www.vupen.com/english/advisories/2006/0771 (external)
- http://www.vupen.com/english/advisories/2006/4750 (external)
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch (external)
- http://www.vupen.com/english/advisories/2005/2688 (external)
- http://marc.info/?l=full-disclosure&m=113342788118630&w=2 (external)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 (external)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 (external)
- https://usn.ubuntu.com/222-1/ (external)
- http://www.securityfocus.com/archive/1/438726/100/0/threaded (external)
- http://www.securityfocus.com/archive/1/418333/100/0/threaded (external)
- CVE-2005-3962 (NVD) (external): https://nvd.nist.gov/vuln/detail/CVE-2005-3962
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Thu Dec 1 00:00:00 2005 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/