CPANSA-perl-2007-5116: perl vulnerability

Publisher	giterlizzi	Document category	csaf_security_advisory
Initial release date	2007-11-07T00:00:00	Engine	CSAF Perl Toolkit 0.25
Current release date	2007-11-07T00:00:00	Build Date
Current version	1	Status	final
CVSS v3.1 Base Score		Severity
Original language		Language	en
Also referred to

Vulnerability Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Vulnerabilities

CVE-2007-5116

Vulnerability Description

Weakness	CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer

Product status

Known affected

Product

Score

perl less than or equal 5.8.8

CVSS Version	CVSS Vector	CVSS Base Score	CVSS Base Severity
2.0	AV:N/AC:L/Au:N/C:P/I:P/A:P	7.5	High

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

CPANSA-perl-2007-5116 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2007/cpansa-perl-2007-5116.json
https://bugzilla.redhat.com/show_bug.cgi?id=323571 external
https://bugzilla.redhat.com/show_bug.cgi?id=323571
http://www.mandriva.com/security/advisories?name=MDKSA-2007:207 external
http://www.mandriva.com/security/advisories?name=MDKSA-2007:207
http://www.redhat.com/support/errata/RHSA-2007-0966.html external
http://www.redhat.com/support/errata/RHSA-2007-0966.html
http://www.redhat.com/support/errata/RHSA-2007-1011.html external
http://www.redhat.com/support/errata/RHSA-2007-1011.html
http://www.securityfocus.com/bid/26350 external
http://www.securityfocus.com/bid/26350
http://secunia.com/advisories/27531 external
http://secunia.com/advisories/27531
http://secunia.com/advisories/27546 external
http://secunia.com/advisories/27546
https://bugzilla.redhat.com/show_bug.cgi?id=378131 external
https://bugzilla.redhat.com/show_bug.cgi?id=378131
https://issues.rpath.com/browse/RPL-1813 external
https://issues.rpath.com/browse/RPL-1813
http://www.debian.org/security/2007/dsa-1400 external
http://www.debian.org/security/2007/dsa-1400
http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml external
http://www.gentoo.org/security/en/glsa/glsa-200711-28.xml
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html external
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.html
http://www.novell.com/linux/security/advisories/2007_24_sr.html external
http://www.novell.com/linux/security/advisories/2007_24_sr.html
http://www.ubuntu.com/usn/usn-552-1 external
http://www.ubuntu.com/usn/usn-552-1
http://securitytracker.com/id?1018899 external
http://securitytracker.com/id?1018899
http://secunia.com/advisories/27479 external
http://secunia.com/advisories/27479
http://secunia.com/advisories/27515 external
http://secunia.com/advisories/27515
http://secunia.com/advisories/27548 external
http://secunia.com/advisories/27548
http://secunia.com/advisories/27613 external
http://secunia.com/advisories/27613
http://secunia.com/advisories/27570 external
http://secunia.com/advisories/27570
http://secunia.com/advisories/27936 external
http://secunia.com/advisories/27936
http://docs.info.apple.com/article.html?artnum=307179 external
http://docs.info.apple.com/article.html?artnum=307179
ftp://aix.software.ibm.com/aix/efixes/security/README external
ftp://aix.software.ibm.com/aix/efixes/security/README
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220 external
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244 external
http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html external
http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html
http://www.us-cert.gov/cas/techalerts/TA07-352A.html external
http://www.us-cert.gov/cas/techalerts/TA07-352A.html
http://secunia.com/advisories/28167 external
http://secunia.com/advisories/28167
http://lists.vmware.com/pipermail/security-announce/2008/000002.html external
http://lists.vmware.com/pipermail/security-announce/2008/000002.html
http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm external
http://support.avaya.com/elmodocs2/security/ASA-2008-014.htm
http://secunia.com/advisories/28368 external
http://secunia.com/advisories/28368
http://secunia.com/advisories/28387 external
http://secunia.com/advisories/28387
http://secunia.com/advisories/27756 external
http://secunia.com/advisories/27756
http://www.vmware.com/security/advisories/VMSA-2008-0001.html external
http://www.vmware.com/security/advisories/VMSA-2008-0001.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1
http://secunia.com/advisories/28993 external
http://secunia.com/advisories/28993
http://secunia.com/advisories/29074 external
http://secunia.com/advisories/29074
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1
http://secunia.com/advisories/31208 external
http://secunia.com/advisories/31208
http://www.ipcop.org/index.php?name=News&file=article&sid=41 external
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1 external
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1
http://www.vupen.com/english/advisories/2007/4238 external
http://www.vupen.com/english/advisories/2007/4238
http://www.vupen.com/english/advisories/2008/0064 external
http://www.vupen.com/english/advisories/2008/0064
http://www.vupen.com/english/advisories/2008/0641 external
http://www.vupen.com/english/advisories/2008/0641
http://www.vupen.com/english/advisories/2007/3724 external
http://www.vupen.com/english/advisories/2007/3724
http://www.vupen.com/english/advisories/2007/4255 external
http://www.vupen.com/english/advisories/2007/4255
http://marc.info/?l=bugtraq&m=120352263023774&w=2 external
http://marc.info/?l=bugtraq&m=120352263023774&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/38270 external
https://exchange.xforce.ibmcloud.com/vulnerabilities/38270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669 external
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669
http://www.securityfocus.com/archive/1/486859/100/0/threaded external
http://www.securityfocus.com/archive/1/486859/100/0/threaded
http://www.securityfocus.com/archive/1/485936/100/0/threaded external
http://www.securityfocus.com/archive/1/485936/100/0/threaded
http://www.securityfocus.com/archive/1/483584/100/0/threaded external
http://www.securityfocus.com/archive/1/483584/100/0/threaded
http://www.securityfocus.com/archive/1/483563/100/0/threaded external
http://www.securityfocus.com/archive/1/483563/100/0/threaded
CVE-2007-5116 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2007-5116

Revision history

Version	Date of the revision	Summary of the revision
1	Wed Nov 7 00:00:00 2007	First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/