CPANSA-perl-2010-4777: perl vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2014-02-10T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2014-02-10T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Vulnerabilities
CVE-2010-4777
Vulnerability DescriptionThe Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
| Weakness | CWE-20 : Improper Input Validation |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| perl less than or equal 5.14.0 |
|
Fixed
- perl greater than 5.14.0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2010-4777 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2014/cpansa-perl-2010-4777.json - http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html external
http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html - https://bugzilla.redhat.com/show_bug.cgi?id=694166 external
https://bugzilla.redhat.com/show_bug.cgi?id=694166 - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836 external
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836 - https://rt.perl.org/Public/Bug/Display.html?id=76538 external
https://rt.perl.org/Public/Bug/Display.html?id=76538 - https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html external
https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html - http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html external
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html - http://forums.ocsinventory-ng.org/viewtopic.php?id=7215 external
http://forums.ocsinventory-ng.org/viewtopic.php?id=7215 - CVE-2010-4777 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2010-4777
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Mon Feb 10 00:00:00 2014 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/