CPANSA-perl-2015-8608: perl vulnerability
| Publisher |
giterlizzi |
Document category |
csaf_security_advisory |
| Initial release date |
2017-02-07T00:00:00 |
Engine |
CSAF Perl Toolkit 0.26 |
| Current release date |
2017-02-07T00:00:00 |
Build Date |
|
| Current version |
1 |
Status |
final |
| CVSS v3.1 Base Score |
9.8
|
Severity |
Critical
|
| Original language |
|
Language |
en |
| Also referred to |
|
Vulnerability Description
The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
Vulnerabilities
CVE-2015-8608
Vulnerability DescriptionThe VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.
| Weakness |
CWE-125 : Out-of-bounds Read
|
Product status
Known affected
| Product |
Score |
| perl greater than or equal 5.005 and less than 5.22.2 |
|
| perl greater than or equal 5.23.0 and less than 5.23.7 |
|
Fixed
- perl greater than or equal 5.22.2
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
Revision history
| Version |
Date of the revision |
Summary of the revision |
| 1 |
Tue Feb 7 00:00:00 2017 |
First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/