CPANSA-perl-2015-8608: perl vulnerability
Publisher | giterlizzi | Document category | csaf_security_advisory |
---|---|---|---|
Initial release date | 2017-02-07T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
Current release date | 2017-02-07T00:00:00 | Build Date | |
Current version | 1 | Status | final |
CVSS v3.1 Base Score | 9.8 | Severity | Critical |
Original language | Language | en | |
Also referred to |
Vulnerability Description
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Vulnerabilities
CVE-2015-8608
Vulnerability DescriptionThe VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Weakness | CWE-125 : Out-of-bounds Read |
---|
Product status
Known affected
Product | Score | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
perl less than 5.22.2 |
|
Fixed
- perl greater than or equal 5.22.2
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2015-8608 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2017/cpansa-perl-2015-8608.json - https://rt.perl.org/Public/Bug/Display.html?id=126755 external
https://rt.perl.org/Public/Bug/Display.html?id=126755 - https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html external
https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html external
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - https://www.oracle.com/security-alerts/cpujul2020.html external
https://www.oracle.com/security-alerts/cpujul2020.html - CVE-2015-8608 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2015-8608
Revision history
Version | Date of the revision | Summary of the revision |
---|---|---|
1 | Tue Feb 7 00:00:00 2017 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/