CPANSA-perl-2012-5195: perl vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2012-12-18T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2012-12-18T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | Severity | ||
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
Vulnerabilities
CVE-2012-5195
Vulnerability DescriptionHeap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
| Weakness | CWE-119 : Improper Restriction of Operations within the Bounds of a Memory Buffer |
|---|
Product status
Known affected
| Product | Score | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| perl less than 5.16.0 |
|
Fixed
- perl greater than or equal 5.16.0
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2012-5195 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2012/cpansa-perl-2012-5195.json - http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44 external
http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44 - http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html external
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html - http://www.securityfocus.com/bid/56287 external
http://www.securityfocus.com/bid/56287 - http://www.openwall.com/lists/oss-security/2012/10/27/1 external
http://www.openwall.com/lists/oss-security/2012/10/27/1 - http://secunia.com/advisories/51457 external
http://secunia.com/advisories/51457 - http://www.openwall.com/lists/oss-security/2012/10/26/2 external
http://www.openwall.com/lists/oss-security/2012/10/26/2 - http://www.ubuntu.com/usn/USN-1643-1 external
http://www.ubuntu.com/usn/USN-1643-1 - http://www.debian.org/security/2012/dsa-2586 external
http://www.debian.org/security/2012/dsa-2586 - http://rhn.redhat.com/errata/RHSA-2013-0685.html external
http://rhn.redhat.com/errata/RHSA-2013-0685.html - http://secunia.com/advisories/55314 external
http://secunia.com/advisories/55314 - http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 external
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113 - https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352 external
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352 - http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html external
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735 - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 - http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 external
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673 - CVE-2012-5195 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2012-5195
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Tue Dec 18 00:00:00 2012 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/