All the vulnerabilities related to perl - perl
Vulnerability from fkie_nvd
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.34.0 | |
redhat | enterprise_linux | 8.0 | |
redhat | enterprise_linux | 9.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "82B3613F-2A8D-4A56-B638-D1B99AE318F8", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": false }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Perl. Este problema ocurre cuando Perl compila una expresi\u00f3n regular manipulada, lo que puede permitir que un atacante controle el desbordamiento de b\u00fafer de bytes en un b\u00fafer asignado en el almacenamiento din\u00e1mico." 
} ], "id": "CVE-2023-47038", "lastModified": "2024-11-21T08:29:38.927", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-18T14:15:08.933", "references": [ { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": 
"https://access.redhat.com/security/cve/CVE-2023-47038" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | * | |
fedoraproject | fedora | 22 | |
fedoraproject | fedora | 23 | |
fedoraproject | fedora | 24 | |
debian | debian_linux | 8.0 | |
oracle | solaris | 10 | |
oracle | solaris | 11.3 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "53A440FA-0362-4663-9934-BE37A2008CCC", "versionEndExcluding": "5.24.1", "versionStartIncluding": "5.23.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7BF80D08-9B2A-4C22-B692-32A78571266A", "versionEndExcluding": "5.25.3", "versionStartIncluding": "5.25.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*", "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", 
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." }, { "lang": "es", "value": "El m\u00e9todo XSLoader::load en XSLoader en Perl no localiza adecuadamente archivos .so cuando se le llama en una cadena eval, lo que podr\u00eda permitir a usuarios locales ejecutar c\u00f3digo arbitrario a trav\u00e9s de una librer\u00eda Troyano bajo el directorio de trabajo actual." } ], "id": "CVE-2016-6185", "lastModified": "2024-11-21T02:55:37.710", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": 
"Primary" } ] }, "published": "2016-08-02T14:59:02.943", "references": [ { "source": "security@debian.org", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91685" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036260" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "source": "security@debian.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "security@debian.org", "tags": [ "Third Party 
Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/91685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036260" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", 
"Third Party Advisory" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-2/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-noinfo" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:cmu:dbd\\:\\:pg:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "0B17A3CD-3BF4-41AE-B755-6C5FA6401DEE", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en el m\u00f3dulo DBD::Pg (alias DBD-Pg o libdbd-pg-perl) v1.49 para Perl podr\u00eda permitir a atacantes, dependiendo del contexto, ejecutar c\u00f3digo arbitrario a trav\u00e9s de una entrada sin especificar a una aplicaci\u00f3n que utiliza las funciones getline y pg_getline para leer filas de la base de datos." 
} ], "id": "CVE-2009-0663", "lastModified": "2024-11-21T01:00:38.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-04-30T20:30:00.187", "references": [ { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/34909" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35058" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/35685" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2009/dsa-1780" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/34755" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "source": "cve@mitre.org", "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/34909" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35058" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/35685" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2009/dsa-1780" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/34755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
dbd-mysql_project | dbd-mysql | * | |
perl | perl | * | |
debian | debian_linux | 8.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dbd-mysql_project:dbd-mysql:*:*:*:*:*:*:*:*", "matchCriteriaId": "0475EE55-6499-48C9-9B0C-0E0A37C0E677", "versionEndIncluding": "4.036", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer en el m\u00f3dulo DBD::mysql en versiones anteriores a 4.037 para Perl permite a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de vectores relacionados con un mensaje de error." 
} ], "id": "CVE-2016-1246", "lastModified": "2024-11-21T02:46:01.783", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-10-05T16:59:00.243", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93337" }, { "source": "security@debian.org", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "source": "security@debian.org", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201701-51" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "Vendor Advisory" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/93337" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744", "versionEndExcluding": "5.30.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512", "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"06816711-7C49-47B9-A9D7-FB18CC3F42F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." }, { "lang": "es", "value": "En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del b\u00fafer por medio de una expresi\u00f3n regular dise\u00f1ada debido a llamadas recursivas de la funci\u00f3n S_study_chunk" } ], "id": "CVE-2020-12723", "lastModified": "2024-11-21T05:00:08.870", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-05T15:15:10.800", "references": [ { "source": "cve@mitre.org", "tags": [ 
"Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", 
"Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-120" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "356EEFF0-DC56-4E12-B7B1-DB28784FF3B1", "versionEndIncluding": "5.004_04", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." } ], "id": "CVE-1999-1386", "lastModified": "2024-11-20T23:30:59.457", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "1999-12-31T05:00:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "source": "cve@mitre.org", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/7243.php" }, { "source": "cve@mitre.org", "tags": [ "Broken 
Link" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.iss.net/security_center/static/7243.php" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Broken Link" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.22:*:*:*:*:*:*:*", "matchCriteriaId": "B77AB85D-D07A-4B50-BA07-A8BD256964D0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument." }, { "lang": "es", "value": "Las funciones VDir::MapPathA y VDir::MapPathW en Perl 5.22 permiten a atacantes remotos provocar una denegaci\u00f3n de servicio (lectura fuera de l\u00edmites) y posiblemente ejecutar c\u00f3digo arbitrario a trav\u00e9s de un argumento (1) letra de unidad o (2) pInName manipulados." } ], "id": "CVE-2015-8608", "lastModified": "2024-11-21T02:38:48.650", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": 
"2017-02-07T15:59:00.177", "references": [ { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape." }, { "lang": "es", "value": "Un Desbordamiento de b\u00fafer en la funci\u00f3n S_grok_bslash_N en el archivo regcomp.c en Perl versi\u00f3n 5 anterior a 5.24.3-RC1 y versi\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos divulgar informaci\u00f3n confidencial o causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) por medio de una expresi\u00f3n creada con un escape \u0027\\N{U+...}\u0027 inv\u00e1lido." 
} ], "id": "CVE-2017-12883", "lastModified": "2024-11-21T03:10:22.327", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-19T18:29:00.197", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100852" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", 
"Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "cve@mitre.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100852" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:http\\:\\:tiny_project:http\\:\\:tiny:*:*:*:*:*:*:*:*", "matchCriteriaId": "E9427A16-49FA-4E66-9641-A9CC9CA57222", "versionEndExcluding": "0.083", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "00980675-EC82-443D-AFFE-B83E5239DAB9", "versionEndExcluding": "5.38.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates." } ], "id": "CVE-2023-31486", "lastModified": "2024-11-29T12:15:06.047", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-04-29T00:15:09.083", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", 
"Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/chansen/p5-http-tiny/pull/153" }, { "source": "cve@mitre.org", "tags": [ "Product" ], "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking" ], "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/chansen/p5-http-tiny/pull/153" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Product" ], "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.netapp.com/advisory/ntap-20241129-0011/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 | |
netapp | e-series_santricity_os_controller | * | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdrive | - | |
apple | mac_os_x | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3, tiene una sobrelectura de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena la divulgaci\u00f3n de informaci\u00f3n sensible de la memoria del proceso." 
} ], "id": "CVE-2018-18313", "lastModified": "2024-11-21T03:55:41.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-07T21:29:00.717", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications." } ], "id": "CVE-2005-3962", "lastModified": "2024-11-21T00:03:10.073", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": true, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2005-12-01T17:03:00.000", "references": [ { "source": "secalert@redhat.com", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "source": "secalert@redhat.com", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "source": "secalert@redhat.com", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "source": "secalert@redhat.com", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "source": 
"secalert@redhat.com", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "source": "secalert@redhat.com", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17762" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17802" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17844" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17941" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17952" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17993" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18075" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18183" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18187" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18295" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18413" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18517" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19041" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20894" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/23155" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31208" }, { "source": "secalert@redhat.com", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "source": "secalert@redhat.com", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2006/dsa-943" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "source": "secalert@redhat.com", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "source": "secalert@redhat.com", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "source": "secalert@redhat.com", "url": "http://www.openbsd.org/errata37.html#perl" }, { "source": "secalert@redhat.com", "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/21345" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/22255" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, 
{ "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/15629" }, { "source": "secalert@redhat.com", "url": "http://www.trustix.org/errata/2005/0070" }, { "source": "secalert@redhat.com", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "source": "secalert@redhat.com", "url": "https://usn.ubuntu.com/222-1/" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17762" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17941" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17952" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/17993" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18183" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18187" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18295" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18413" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/18517" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/19041" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/20894" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/23155" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/31208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2006/dsa-943" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openbsd.org/errata37.html#perl" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/21345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/22255" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/15629" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.trustix.org/errata/2005/0070" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/222-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
rafael_garcia-suarez | safe | 2.08 | |
rafael_garcia-suarez | safe | 2.09 | |
rafael_garcia-suarez | safe | 2.11 | |
rafael_garcia-suarez | safe | 2.13 | |
rafael_garcia-suarez | safe | 2.14 | |
rafael_garcia-suarez | safe | 2.15 | |
rafael_garcia-suarez | safe | 2.16 | |
rafael_garcia-suarez | safe | 2.17 | |
rafael_garcia-suarez | safe | 2.18 | |
rafael_garcia-suarez | safe | 2.19 | |
rafael_garcia-suarez | safe | 2.20 | |
rafael_garcia-suarez | safe | 2.21 | |
rafael_garcia-suarez | safe | 2.22 | |
rafael_garcia-suarez | safe | 2.23 | |
rafael_garcia-suarez | safe | 2.24 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "7746745C-8CD2-4D73-BC6E-F1DAF00B7E2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "4C790645-E23C-4F3B-951D-6BEC15D5B47A", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "864B8E5A-497B-4C89-ABC4-2D0ECEE854D7", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "D494C134-889D-4C56-A518-2EF02EBB1411", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "F2C2720A-DF3D-4162-ACB5-66A3D09D5A52", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.15:*:*:*:*:*:*:*", "matchCriteriaId": "9DFFCE6E-E9BA-4913-9913-5A3623580871", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "E3A174CC-76C2-4228-A940-5E5C0F9536C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "F5B051FD-5421-4A12-80DB-AA257A4C0552", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "B9EAA44E-54E7-432A-85EF-BAEE98FA4705", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "BA9D8473-B0F3-49D8-BB4B-80868B815D0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "EE3853FB-92DE-4FF5-AE31-451E0FF69358", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "CEB616A7-9CDA-4C19-B9B9-21EE88D0B50F", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.22:*:*:*:*:*:*:*", "matchCriteriaId": 
"CE932500-4916-40DD-832E-47A6DD052F03", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "AF506158-4F67-4086-9A41-E6C43D922D44", "vulnerable": true }, { "criteria": "cpe:2.3:a:rafael_garcia-suarez:safe:2.24:*:*:*:*:*:*:*", "matchCriteriaId": "99A89508-2CB2-4373-9450-FCAF04A64A5F", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"" }, { "lang": "es", "value": "El m\u00f3dulo Safe (Safe.pm) en versiones anteriores a la v2.25 de Perl permite a atacantes, dependiendo del contexto, evitar las restricciones de acceso previstas (1) Safe::reval y (2) Safe::rdo, e inyectar y ejecutar c\u00f3digo de su elecci\u00f3n, a trav\u00e9s de vectores de ataque que involucran m\u00e9todos llamados impl\u00edcitamente y objetos impl\u00edcitamente \"blessed\", como se ha demostrado por los m\u00e9todos (a) DESTROY y (b) AUTOLOAD. Relacionado con los \"automagic methods\"." 
} ], "id": "CVE-2010-1168", "lastModified": "2024-11-21T01:13:47.370", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-06-21T16:30:01.133", "references": [ { "source": "secalert@redhat.com", "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "source": "secalert@redhat.com", "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40049" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40052" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/42402" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1024062" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "secalert@redhat.com", "url": 
"http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "secalert@redhat.com", "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "source": "secalert@redhat.com", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40049" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/40052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/42402" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://securitytracker.com/id?1024062" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match." }, { "lang": "es", "value": "Perl v5.10.1 permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (caida de aplicaci\u00f3n) a trav\u00e9s de un car\u00e1cter UTF-8 con un codepoint largo invalido, lo que no es adecuadamente gestionado cuando se produce una coincidencia de expresiones regulares." } ], "id": "CVE-2009-3626", "lastModified": "2024-11-21T01:07:50.300", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-10-29T14:30:01.170", "references": [ { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "source": "secalert@redhat.com", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "source": "secalert@redhat.com", "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": 
"http://secunia.com/advisories/37144" }, { "source": "secalert@redhat.com", "url": "http://securitytracker.com/id?1023077" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/59283" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/36812" }, { "source": "secalert@redhat.com", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "source": "secalert@redhat.com", "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/37144" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1023077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/59283" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/36812" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" } ], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2009-10-30T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dan_kogai:encode_module:*:*:*:*:*:*:*:*", "matchCriteriaId": "23343380-F5F0-4DB9-B36D-9BD9A856DCDD", "versionEndIncluding": "2.43", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "DB0FAA45-165C-49B6-8FA3-45014E968CEA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "8EEAA1BA-E531-4119-8723-D46420636D79", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "B14AD913-D028-4D04-A55E-4FD7DB11F76E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "3B36219E-A5FC-41ED-80AC-007E43E95B30", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "C5D3B13C-7333-4FFE-9C20-645560B76F26", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "B3D4DA4E-8B1B-49C6-A2C0-1FC800633282", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "6337FDFD-262E-40D0-80D4-B8D3C9070718", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "D27B48BF-A9AE-4AA5-897D-5D0F4705F361", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "5E90A39E-23A7-4387-B17C-3EFAC440B9FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "0F228758-CA6D-4228-ACCF-D2483535E9E7", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "9761D4BA-4307-4EF7-9BB9-F5576806FDDE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.20:*:*:*:*:*:*:*", "matchCriteriaId": 
"6DC64031-55DA-4B54-ABCD-EBD80A1A0040", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "FB2EDB2F-775B-4CBD-9F14-7DC9E6FE1289", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.25:*:*:*:*:*:*:*", "matchCriteriaId": "7015226C-63CC-4F17-ADA4-7F7DD6DF47EA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.26:*:*:*:*:*:*:*", "matchCriteriaId": "EF91D347-7305-4FBA-8334-A34BF6E1EBFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.28:*:*:*:*:*:*:*", "matchCriteriaId": "97EE437D-ADCD-4AD4-846A-0C5B8D2664F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.30:*:*:*:*:*:*:*", "matchCriteriaId": "905DAED7-33EE-4EEF-99A3-81BA9F3E3124", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "BC222DEE-AE58-411B-8EAC-57234FF70BBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "49931341-5E98-4295-A6A7-0BC1B6F9ADE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.33:*:*:*:*:*:*:*", "matchCriteriaId": "F3095E4F-6BA2-4F87-BABC-4D6340294575", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "FCFDA3D7-0E68-4319-8DBA-467C32C4128E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "E52CBCA7-F8CC-461A-936F-AB2498D88FE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "1EE81428-9030-417D-A557-A2B6F7061372", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "7E60DB35-48DD-4660-8BB5-A307193688DD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.50:*:*:*:*:*:*:*", "matchCriteriaId": 
"B5D2BEEC-F6A0-411E-A524-7BF0A6CF26E2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.51:*:*:*:*:*:*:*", "matchCriteriaId": "EBC200E4-4EA8-4891-9540-3D6D7B62D497", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.52:*:*:*:*:*:*:*", "matchCriteriaId": "9E90392A-ED00-48C4-B091-A5A5438A2D2F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.53:*:*:*:*:*:*:*", "matchCriteriaId": "BBF8384C-283F-4B18-9E39-579397F3E418", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.54:*:*:*:*:*:*:*", "matchCriteriaId": "0185F681-2BA2-4DCF-B737-5A5065D32D76", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.55:*:*:*:*:*:*:*", "matchCriteriaId": "C0A8712D-8C6A-498A-8F35-79CD0642137F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.56:*:*:*:*:*:*:*", "matchCriteriaId": "6EA599B4-E7F0-421C-BF64-F74E827D27C9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.57:*:*:*:*:*:*:*", "matchCriteriaId": "5BA4200C-0355-429A-82F8-4BC90091D9C2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.58:*:*:*:*:*:*:*", "matchCriteriaId": "BB647828-E946-4627-98F5-01218FAE65D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.59:*:*:*:*:*:*:*", "matchCriteriaId": "9B540908-5419-4F32-B252-E62A67403452", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.60:*:*:*:*:*:*:*", "matchCriteriaId": "50836D06-5FC5-4E71-AFA7-2487A5E841F8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.61:*:*:*:*:*:*:*", "matchCriteriaId": "DD5F10EC-70A9-4D5D-97D6-66D2A3F2BA5E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.62:*:*:*:*:*:*:*", "matchCriteriaId": "E03B165C-421F-4B94-8B02-D2582FF780F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.63:*:*:*:*:*:*:*", "matchCriteriaId": 
"59F862D3-A61D-4CA1-8FAF-4A6368C515C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.64:*:*:*:*:*:*:*", "matchCriteriaId": "4D88707B-2345-42F2-B906-EED96926E14E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.65:*:*:*:*:*:*:*", "matchCriteriaId": "F5449D0E-E7AB-4DE0-A657-2285046F84BA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.66:*:*:*:*:*:*:*", "matchCriteriaId": "AEBFF477-F35D-4AE0-BCD3-E50C66502E71", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.67:*:*:*:*:*:*:*", "matchCriteriaId": "31D8A6EB-1A14-456C-BDB3-47EA202980D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.68:*:*:*:*:*:*:*", "matchCriteriaId": "22EB2CE5-88D7-41B2-948C-B7A4D37DEDA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.69:*:*:*:*:*:*:*", "matchCriteriaId": "27E8C6E6-DDD2-483B-8CA9-5FA10E10B08A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.70:*:*:*:*:*:*:*", "matchCriteriaId": "95D6FD71-53C6-4AAF-9F97-D42E80C6F69B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.71:*:*:*:*:*:*:*", "matchCriteriaId": "431FF64D-03C1-4E66-B5C0-DD373778B08D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.72:*:*:*:*:*:*:*", "matchCriteriaId": "59B57F16-18AF-40F1-BFCB-FC3E7200FD25", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.73:*:*:*:*:*:*:*", "matchCriteriaId": "37CF6920-9E2E-4A4C-A271-47CD1075EB9C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.74:*:*:*:*:*:*:*", "matchCriteriaId": "47618894-4544-4F22-8005-2C2F58793AA5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.75:*:*:*:*:*:*:*", "matchCriteriaId": "5C73DA11-31A0-416F-9853-59C82F72D822", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.76:*:*:*:*:*:*:*", "matchCriteriaId": 
"4C04B436-B71D-467D-95A9-254C59E5FAC3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.77:*:*:*:*:*:*:*", "matchCriteriaId": "FDC5667E-D4AA-4645-BCC7-C148F60EEF55", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.78:*:*:*:*:*:*:*", "matchCriteriaId": "CA110759-1728-4BCD-93CA-052037CF1599", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.79:*:*:*:*:*:*:*", "matchCriteriaId": "25438F7D-A683-47D5-AB8C-16B1FC266383", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.80:*:*:*:*:*:*:*", "matchCriteriaId": "962B545B-A962-4143-A24A-7FC066B390E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.81:*:*:*:*:*:*:*", "matchCriteriaId": "238741B3-A4A5-4A19-9573-74D5DF7FF40B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.82:*:*:*:*:*:*:*", "matchCriteriaId": "7016CC69-8034-413A-BD79-14047B0C3847", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.83:*:*:*:*:*:*:*", "matchCriteriaId": "108CCE2F-50A0-406B-B082-536556EC5D9A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.84:*:*:*:*:*:*:*", "matchCriteriaId": "FB3A78B9-B1BC-4EFA-BA05-4D671F4C308A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.85:*:*:*:*:*:*:*", "matchCriteriaId": "7143F1DC-20A2-42E1-9132-B5C3097BC41B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.86:*:*:*:*:*:*:*", "matchCriteriaId": "3F558DE5-F39C-47E0-A369-CC515DCB2678", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.87:*:*:*:*:*:*:*", "matchCriteriaId": "C9D58BC3-9DFA-4EE4-86C0-49068246C04B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.88:*:*:*:*:*:*:*", "matchCriteriaId": "F3515296-AC71-4EC8-A59B-209078314757", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.89:*:*:*:*:*:*:*", "matchCriteriaId": 
"49927F8D-D387-4742-B0CA-F9101497DAAE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.90:*:*:*:*:*:*:*", "matchCriteriaId": "C6AF0CAA-C03A-449A-8E75-F12E8721A964", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.91:*:*:*:*:*:*:*", "matchCriteriaId": "5E144DD8-EB87-4D42-AE6E-1CEDE2614332", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.92:*:*:*:*:*:*:*", "matchCriteriaId": "EF5B388A-D7D1-4371-9A08-E792EC918C7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.93:*:*:*:*:*:*:*", "matchCriteriaId": "C81AD6D9-80A3-4218-B3FD-8B3ED48F44E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.94:*:*:*:*:*:*:*", "matchCriteriaId": "983E0EE0-DA5C-447D-B6E2-2D165C74C0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.95:*:*:*:*:*:*:*", "matchCriteriaId": "E7F86D10-83C4-488C-9380-D4A7C056879E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.96:*:*:*:*:*:*:*", "matchCriteriaId": "BADA05F7-DA93-40F3-A281-890002D8BA4E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.97:*:*:*:*:*:*:*", "matchCriteriaId": "CD150F64-462B-420C-BC88-B8BF30C2B296", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.98:*:*:*:*:*:*:*", "matchCriteriaId": "133C7F0C-E3C2-4733-8004-05714DC643B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:1.99:*:*:*:*:*:*:*", "matchCriteriaId": "963C689B-72F8-4310-BDAD-1860560EB726", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE081501-0933-4C1D-88F2-182134E03EB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "B2405CC1-9009-4E00-88D5-4CC24F5BFBDC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.02:*:*:*:*:*:*:*", "matchCriteriaId": 
"39B2262D-01E7-4748-A567-5BF66EF90526", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "04866020-8327-4F5F-907E-ED404A5B91C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "15F5F4A0-3B46-4E05-AE11-3953E1A83332", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.05:*:*:*:*:*:*:*", "matchCriteriaId": "8B40204C-F16F-4108-A065-C7F1FE5FE598", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.06:*:*:*:*:*:*:*", "matchCriteriaId": "499AFE0E-6B9C-44CE-BDC1-9445A5F46D96", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "4B23AD9C-F4FB-40EB-829D-4DD8869EB9CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.08:*:*:*:*:*:*:*", "matchCriteriaId": "D2956E57-2FC9-4B01-83CD-B793136D4658", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.09:*:*:*:*:*:*:*", "matchCriteriaId": "A6BFB614-13DC-48AD-A9B2-18785AD91FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "AB086C28-A86B-4DA2-A03C-45729469B441", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.11:*:*:*:*:*:*:*", "matchCriteriaId": "93659981-81CD-408C-A4BC-0E7EB9F6F056", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.12:*:*:*:*:*:*:*", "matchCriteriaId": "A5AE4F9D-8302-469A-B564-B050581EEA1E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.13:*:*:*:*:*:*:*", "matchCriteriaId": "AD1D845C-B499-42FD-A5F1-E39A215A56FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.14:*:*:*:*:*:*:*", "matchCriteriaId": "98567153-1D89-44E1-9C19-B7EC9AB1A31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.15:*:*:*:*:*:*:*", "matchCriteriaId": 
"9F16E666-8B84-4A7B-A71E-92AF341CC9F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.16:*:*:*:*:*:*:*", "matchCriteriaId": "B009EBDA-D9C8-4B8A-99D1-EA51A2BE91C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.17:*:*:*:*:*:*:*", "matchCriteriaId": "88AE4748-F054-4D9C-BCD4-89160237AB10", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.18:*:*:*:*:*:*:*", "matchCriteriaId": "A7030EEC-7426-44E1-900C-A4B381EFF4A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.19:*:*:*:*:*:*:*", "matchCriteriaId": "0AC0EBF0-6804-424A-A131-23965F4874A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.20:*:*:*:*:*:*:*", "matchCriteriaId": "AEDA775A-9AD8-4B1F-B6B6-F7B89AF3945C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.21:*:*:*:*:*:*:*", "matchCriteriaId": "B1861342-EB74-44CD-BB51-78F2233E0F51", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.22:*:*:*:*:*:*:*", "matchCriteriaId": "22BB1E7B-AFEF-4BD6-9B5A-267326963595", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.23:*:*:*:*:*:*:*", "matchCriteriaId": "F47C0CF2-2D3A-4309-82A5-87E733271B24", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.24:*:*:*:*:*:*:*", "matchCriteriaId": "8B4A90A7-6D67-4373-B220-7B9BFFFBA1FD", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.25:*:*:*:*:*:*:*", "matchCriteriaId": "E1FCB23B-5B66-421B-8B10-DD05DAA344A8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.26:*:*:*:*:*:*:*", "matchCriteriaId": "95B47D61-F2AE-4A68-BF96-5E176D21EF4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.27:*:*:*:*:*:*:*", "matchCriteriaId": "E1C8332F-1E58-44D0-B076-AC4340303EF3", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.28:*:*:*:*:*:*:*", "matchCriteriaId": 
"B057F456-189A-49F1-952D-0EFBC16D5A79", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.29:*:*:*:*:*:*:*", "matchCriteriaId": "FAC64DAE-208E-4FFD-BD03-43917CE4CC7D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.30:*:*:*:*:*:*:*", "matchCriteriaId": "A48E88B4-0663-4C8E-A48B-FDA4087E24E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.31:*:*:*:*:*:*:*", "matchCriteriaId": "81E890C2-2657-4BD6-B3AD-F9023D4AF08F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.32:*:*:*:*:*:*:*", "matchCriteriaId": "E95C665C-B2E4-4129-A107-E6897969CF2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.33:*:*:*:*:*:*:*", "matchCriteriaId": "2244E758-9D3F-4D0F-A2CA-023E62B49F4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.34:*:*:*:*:*:*:*", "matchCriteriaId": "7C199B35-4F8F-4AA6-864E-81B2F0BF4DD2", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.35:*:*:*:*:*:*:*", "matchCriteriaId": "1C5B8993-43F4-45D2-B7E9-AA6722EF555F", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.36:*:*:*:*:*:*:*", "matchCriteriaId": "B477187B-559C-4011-BF92-3A7F2AF8B301", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.37:*:*:*:*:*:*:*", "matchCriteriaId": "7D8C5D47-DC01-4202-B9FF-32024E329848", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.38:*:*:*:*:*:*:*", "matchCriteriaId": "8AF82AC9-AE7B-4B65-A170-D085267E0EC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.39:*:*:*:*:*:*:*", "matchCriteriaId": "428762B2-E0BE-4804-BF28-F1292AC87FEE", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.40:*:*:*:*:*:*:*", "matchCriteriaId": "5F5682F2-5E0B-4D9E-BF7F-04D8C5EE12F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.41:*:*:*:*:*:*:*", "matchCriteriaId": 
"C5B2D4B6-BE40-45E3-9AE9-568E1DD3D1C8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dan_kogai:encode_module:2.42:*:*:*:*:*:*:*", "matchCriteriaId": "F148F0BF-49F1-4E5E-B92F-FEB83C1B0157", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE55A238-C38C-4C74-B2D4-D4A5EBBA32B2", "versionEndIncluding": "5.14.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B358BF3-55AC-477E-A4B5-3960C449C011", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": 
"777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow." }, { "lang": "es", "value": "Error \"Off-by-one\" en la funci\u00f3n decode_xs en Unicode/Unicode.xs en el m\u00f3dulo Encode anterior a v2.44, utilizado en Perl anterior a v5.15.6, podr\u00eda permitir a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de una cadena de Unicode especialmente creada, provocando un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap)." 
} ], "id": "CVE-2011-2939", "lastModified": "2024-11-21T01:29:19.240", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-01-13T18:55:02.987", "references": [ { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "source": "secalert@redhat.com", "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46172" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/46989" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/51457" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55314" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "source": "secalert@redhat.com", "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "source": "secalert@redhat.com", "url": 
"http://www.securityfocus.com/bid/49858" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/46989" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/51457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" } 
], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string." }, { "lang": "es", "value": "Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda de la aplicaci\u00f3n) cotejando una expresi\u00f3n regular modificada contra una cadena de texto extensa." 
} ], "id": "CVE-2010-1158", "lastModified": "2024-11-21T01:13:46.190", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2010-04-20T15:30:00.427", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "source": "secalert@redhat.com", "url": "http://perldoc.perl.org/perl5100delta.html" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/55314" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perldoc.perl.org/perl5100delta.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" } ], 
"sourceIdentifier": "secalert@redhat.com", "vendorComments": [ { "comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2010-04-22T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
oracle | communications_billing_and_revenue_management | 7.5 | |
oracle | configuration_manager | * | |
oracle | configuration_manager | 12.1.2.0.6 | |
oracle | database_server | 11.2.0.4 | |
oracle | database_server | 12.1.0.2 | |
oracle | database_server | 12.2.0.1 | |
oracle | database_server | 18c | |
oracle | database_server | 19c | |
oracle | enterprise_manager_base_platform | 13.2.0.0.0 | |
oracle | enterprise_manager_base_platform | 13.3.0.0.0 | |
oracle | timesten_in-memory_database | * | |
oracle | solaris | 11.3 | |
opensuse | opensuse | 13.2 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 15.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DA7A9701-8475-4AD0-A669-0B61883E0081", "versionEndExcluding": "5.23.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:*:*:*:*:*:*:*:*", "matchCriteriaId": "4AF5D151-5CD2-4C36-939F-829FA976EA6E", "versionEndExcluding": "12.1.2.0.4", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.6:*:*:*:*:*:*:*", "matchCriteriaId": "655DB795-DD05-4A47-AE82-85EEF7AD1DFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*", "matchCriteriaId": "C1E11A25-C7CE-49DF-99CA-352FD21B8230", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C614BA7-7103-4ED7-ADD0-56064FE256A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*", "matchCriteriaId": "6833701E-5510-4180-9523-9CFD318DEE6A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*", "matchCriteriaId": "B2204841-585F-40C7-A1D9-C34E612808CA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", "matchCriteriaId": "F06877B6-A08F-4305-874E-6CD691B88D12", "versionEndExcluding": "18.1.2.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp." }, { "lang": "es", "value": "Perl podr\u00eda permitir a atacantes dependientes de contexto eludir los mecanismos de protecci\u00f3n taint en un proceso hijo a trav\u00e9s de variables de entorno duplicadas en envp." 
} ], "id": "CVE-2016-2381", "lastModified": "2024-11-21T02:48:21.167", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary" } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-04-08T15:59:05.183", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/83802" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/83802" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:frii:proc\\:\\:processtable:0.45:*:*:*:*:*:*:*", "matchCriteriaId": "F99BC44D-5322-411E-9B58-77BCB68E0E8D", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:-:*:*:*:*:*:*:*", "matchCriteriaId": "1F3CC502-19A6-4C80-B68F-71107CE9196C", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS." }, { "lang": "es", "value": "ProcessTable.pm en el m\u00f3dulo Proc::ProcessTable v0.45 para Perl, cuando el cach\u00e9 de informaci\u00f3n TTY est\u00e1 activado, permite a usuarios locales sobrescribir ficheros a trav\u00e9s de un ataque de enlaces simb\u00f3licos en /tmp/TTYDEVS." } ], "id": "CVE-2011-4363", "lastModified": "2024-11-21T01:32:18.873", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "HIGH", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:H/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 1.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-10-07T21:55:00.940", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/47015" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "source": 
"secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "source": "secalert@redhat.com", "url": "http://www.osvdb.org/77428" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/50868" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "source": "secalert@redhat.com", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/47015" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/77428" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/50868" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
canonical | ubuntu_linux | 18.04 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
archive::tar_project | archive::tar | * | |
apple | mac_os_x | * | |
netapp | data_ontap_edge | - | |
netapp | oncommand_workflow_automation | - | |
netapp | snap_creator_framework | - | |
netapp | snapdrive | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA33F373-89C1-4FAD-9B80-7B2BD4388162", "versionEndIncluding": "5.26.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*", "matchCriteriaId": "52784FCD-EC91-4EF7-998B-E28F95B99B7D", "versionEndIncluding": "2.28", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { 
"cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "matchCriteriaId": "E0C4B1E5-75BF-43AE-BBAC-0DD4124C71ED", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name." }, { "lang": "es", "value": "En Perl hasta la versi\u00f3n 5.26.2, el m\u00f3dulo Archive::Tar permite que atacantes remotos omitan un mecanismo de protecci\u00f3n de salto de directorio y sobrescriban archivos arbitrarios mediante un archivo comprimido que contiene un symlink y un archivo normal con el mismo nombre." 
} ], "id": "CVE-2018-12015", "lastModified": "2024-11-21T03:44:24.850", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-06-07T13:29:00.240", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104423" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041048" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3684-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/104423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1041048" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Mailing List", "Third Party Advisory" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT209600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "https://usn.ubuntu.com/3684-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-59" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452." }, { "lang": "es", "value": "La funci\u00f3n rmtree en lib/File/Path.pm de Perl 5.10 no comprueba correctamente los permisos antes de realizar chmod, lo que permite a usuarios locales modificar los permisos de archivos de su elecci\u00f3n mediante un ataque de enlaces simb\u00f3licos, una vulnerabilidad distinta a CVE-2005-0448 y CVE-2004-0452." } ], "id": "CVE-2008-2827", "lastModified": "2024-11-21T00:47:48.163", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-06-23T19:41:00.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "source": "cve@mitre.org", 
"url": "http://secunia.com/advisories/30790" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30837" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29902" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020373" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30837" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29902" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020373" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 2.1, 3, 4, or 5, Red Hat Application Stack 1, or Solaris versions of Red Hat Directory Server 7.1 and 8, Certificate System 7.x.", "lastModified": "2008-06-24T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria en la funci\u00f3n S_regatom en el archivo regcomp.c en Perl 5 anterior a versi\u00f3n 5.24.3-RC1 y versi\u00f3n 5.26.x anterior a 5.26.1-RC1, permite a los atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de l\u00edmites) por medio de una expresi\u00f3n regular con un escape \u0027\\N{}\u0027 y el modificador que no distingue entre may\u00fasculas y min\u00fasculas." 
} ], "id": "CVE-2017-12837", "lastModified": "2024-11-21T03:10:16.643", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-19T18:29:00.167", "references": [ { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100860" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": 
"https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "cve@mitre.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/100860" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "DB276E2C-622C-45EB-8378-35751366049F", "versionEndIncluding": "5.24.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.26.0:*:*:*:*:*:*:*", "matchCriteriaId": "B71CAECA-2A6A-4604-863F-3C1C055FB1CE", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." }, { "lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en el m\u00e9todo CPerlHost::Add en win32/perlhost.h en Perl en versiones anteriores a la 5.24.3-RC1 y las versiones 5.26.x anteriores a 5.26.1-RC1 en Windows permite que los atacantes ejecuten c\u00f3digo arbitrario mediante una variable de entorno larga." 
} ], "id": "CVE-2017-12814", "lastModified": "2024-11-21T03:10:15.003", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-09-28T01:29:01.327", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101051" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "cve@mitre.org", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/101051" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes", "Vendor Advisory" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * (up to and including 5.16.2) | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | rc1 |
perl | perl | 5.10.0 | rc2 |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | rc1 |
perl | perl | 5.10.1 | rc2 |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | rc0 |
perl | perl | 5.12.0 | rc1 |
perl | perl | 5.12.0 | rc2 |
perl | perl | 5.12.0 | rc3 |
perl | perl | 5.12.0 | rc4 |
perl | perl | 5.12.0 | rc5 |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | rc1 |
perl | perl | 5.12.1 | rc2 |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | rc1 |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | rc1 |
perl | perl | 5.12.3 | rc2 |
perl | perl | 5.12.3 | rc3 |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | rc1 |
perl | perl | 5.14.0 | rc2 |
perl | perl | 5.14.0 | rc3 |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.3 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7FA2D667-D3E6-4BC2-8477-3C938C9C0CA7", "versionEndIncluding": "5.16.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": 
"E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6." 
}, { "lang": "es", "value": "La funci\u00f3n _compile en Maketext.pm en la implementaci\u00f3n de Locale::Maketext en Perl anteriores a v5.17.7 no gestionan de forma adecuada los slash cruzados (\\) y lo nombres de m\u00e9todos cualificados durante la compilaci\u00f3n o notaci\u00f3n de comillas, lo que permite a atacantes dependiendo del contexto a ejecutar comandos a trav\u00e9s de entradas manipulados sobre una aplicaci\u00f3n que acepta la traslaci\u00f3n de cadenas desde usuarios, como se demostr\u00f3 por la aplicaci\u00f3n TWiki anteriores a v5.1.3, y la aplicaci\u00f3n Foswiki v1.0.x hasta v1.0.10 y v1.1.x hasta v1.1.6." } ], "id": "CVE-2012-6329", "lastModified": "2024-11-21T01:46:01.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-01-04T21:55:01.710", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" }, { "source": "cve@mitre.org", "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "source": "cve@mitre.org", "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "source": "cve@mitre.org", "url": 
"http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "cve@mitre.org", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "source": "cve@mitre.org", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56950" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56950" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-94" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
p5-encode_project | p5-encode | * (3.05 up to, but not including, 3.12) | |
perl | perl | * (up to and including 5.34.0; listed with vulnerable: false) | |
fedoraproject | fedora | 34 | |
fedoraproject | fedora | 33 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:p5-encode_project:p5-encode:*:*:*:*:*:*:*:*", "matchCriteriaId": "1789B3F3-F9D3-4521-8279-02D87A3CBBBB", "versionEndExcluding": "3.12", "versionStartIncluding": "3.05", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "5420C786-37DA-4247-96B1-1E4DCA0D452C", "versionEndIncluding": "5.34.0", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value." }, { "lang": "es", "value": "Encode.pm, distribuido en Perl versiones hasta 5.34.0, permite a usuarios locales alcanzar privilegios por medio de una biblioteca Encode::ConfigLocal (en el directorio de trabajo actual) que se adelanta a una carga din\u00e1mica de m\u00f3dulos. Una explotaci\u00f3n requiere una configuraci\u00f3n inusual, y determinadas versiones 2021 de Encode.pm (3.05 hasta 3.11). 
Este problema ocurre porque el operador || eval\u00faa @INC en un contexto escalar, y por lo tanto @INC s\u00f3lo tiene un valor entero" } ], "id": "CVE-2021-36770", "lastModified": "2024-11-21T06:14:03.590", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2021-08-11T23:15:07.707", "references": [ { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": 
"https://security.netapp.com/advisory/ntap-20210909-0003/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-427" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "736230E6-7071-4650-8FB0-DD5624C9172C", "versionEndIncluding": "2.18.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1EF38B8-36B2-4F21-8F41-D0CDE28CDE43", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.2:*:*:*:*:*:*:*", "matchCriteriaId": "CE4F0BB5-7DB7-4CC6-83C5-D8C84DC2A863", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.3:*:*:*:*:*:*:*", "matchCriteriaId": "FEC53956-98C5-4355-8670-9BB4A479BCC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.4:*:*:*:*:*:*:*", "matchCriteriaId": "7FB8269B-270B-455F-94B1-0F1025041EE1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.5:*:*:*:*:*:*:*", "matchCriteriaId": "B3460B9A-89F5-4F3C-80DB-0DE6099D64E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.52:*:*:*:*:*:*:*", "matchCriteriaId": "40C34F0C-B9A4-4AB4-8B34-44A65103DBBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.61:*:*:*:*:*:*:*", "matchCriteriaId": "65434B07-D9FB-4D3A-B63C-48DA7ED603EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.62:*:*:*:*:*:*:*", "matchCriteriaId": "0C634C91-BFD6-480A-ABC9-557066A11E1B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.63:*:*:*:*:*:*:*", "matchCriteriaId": "C92F2903-486A-4656-8E43-AF6D9E475A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.64:*:*:*:*:*:*:*", "matchCriteriaId": "47C86A61-CBDF-40A1-AC66-AB452C1C4FBA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.65:*:*:*:*:*:*:*", "matchCriteriaId": "519DD527-BFE9-4166-A391-127FB8EDFA81", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.66:*:*:*:*:*:*:*", "matchCriteriaId": "66842472-632B-4505-B3E0-32C59AA73AA6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.67:*:*:*:*:*:*:*", "matchCriteriaId": "34774222-0D33-41F0-A917-09B044A53800", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:0.68:*:*:*:*:*:*:*", "matchCriteriaId": "1E4C35D3-8169-41AA-8719-5E2D32DEF265", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.69:*:*:*:*:*:*:*", "matchCriteriaId": "2880F00C-B64E-4B69-9FFD-FFAF00E0EA31", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.70:*:*:*:*:*:*:*", "matchCriteriaId": "978875E8-61E6-43C8-8E1B-BAA9BFE696E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.71:*:*:*:*:*:*:*", "matchCriteriaId": "45A9FB3A-ABF7-44E5-B3F3-C24E3FC2E440", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.72:*:*:*:*:*:*:*", "matchCriteriaId": "2E2B3B94-DA75-44A8-B13B-004989615B4F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.73:*:*:*:*:*:*:*", "matchCriteriaId": "E758B292-C06F-4AF7-99B9-2BC49533C25A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.80:*:*:*:*:*:*:*", "matchCriteriaId": "49F89A9B-4EAA-41A0-AEB6-16B7A7C13127", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.81:*:*:*:*:*:*:*", "matchCriteriaId": "110AB146-D842-49AE-A6FB-15574D94F556", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.82:*:*:*:*:*:*:*", "matchCriteriaId": "187FE6D6-7785-45C3-9FAF-C55AC370FD7E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.83:*:*:*:*:*:*:*", "matchCriteriaId": "F05B9866-08CD-4A32-8B59-4AA3818B2B5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.84:*:*:*:*:*:*:*", "matchCriteriaId": "C662A095-27AD-41B1-B92C-3352A68001DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.85:*:*:*:*:*:*:*", "matchCriteriaId": "890F038F-7668-4D67-8787-385145DE7F0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.86:*:*:*:*:*:*:*", "matchCriteriaId": "27C2A9DD-5A7D-489F-B2B2-BA2DD1FE5385", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.87:*:*:*:*:*:*:*", "matchCriteriaId": "98419B2D-7EF8-4F16-A95D-93D4C097F10A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.88:*:*:*:*:*:*:*", "matchCriteriaId": 
"F071074B-25A2-4ADA-AA51-DD5E07E44EE6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.89:*:*:*:*:*:*:*", "matchCriteriaId": "3795B65D-4B65-419E-8ADC-8806BE12E0F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.90:*:*:*:*:*:*:*", "matchCriteriaId": "17578EF4-677D-4C0D-AE02-0B59EDF19CE3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.91:*:*:*:*:*:*:*", "matchCriteriaId": "93DEF1EF-0286-4603-B9D8-05908189184A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.92:*:*:*:*:*:*:*", "matchCriteriaId": "6A170ED4-8B94-4C09-A5D5-B6A9A5D04AF0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.93:*:*:*:*:*:*:*", "matchCriteriaId": "0990BD24-ED47-44EF-962D-4737DD295D5A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.94:*:*:*:*:*:*:*", "matchCriteriaId": "E2B0D454-CD0E-4BF1-A516-A4A5E19A447D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.95:*:*:*:*:*:*:*", "matchCriteriaId": "6D12BD17-3FBE-4917-9D44-4135FC857CBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.96:*:*:*:*:*:*:*", "matchCriteriaId": "AF110E96-77E7-4BF9-9309-606E02871360", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.97:*:*:*:*:*:*:*", "matchCriteriaId": "1C44DEA9-D1CC-4D6F-BFB4-F20BA8CBD837", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.98:*:*:*:*:*:*:*", "matchCriteriaId": "00ABCC48-9B7E-4312-8B64-44399409EDE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:0.99:*:*:*:*:*:*:*", "matchCriteriaId": "CB8D8793-F072-4C7A-84B5-79EB6D0541BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "2DA44592-DC6D-4FB7-AC1D-A300643922C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "5EBE0151-85BA-449C-880F-E23D8C446D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "83F3ED90-9586-41DB-9B83-C6B05C605213", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0DB562AC-B665-4F2B-B004-9E848ACC7C20", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "8305CB5A-A64A-4F11-B912-B2E428513E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "367FF98C-12FF-4CEC-9870-6356FAD3C523", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "191EDFB5-F9AB-4A8B-BFC7-9BB7BCE7AAFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "A253AEB7-A581-4E1F-9410-E056390C0BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "2696ACCA-47FC-4D25-8A08-17F7CD640040", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "50F9F981-903A-48F8-ACD9-48308E639261", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "99E7410D-A498-49FB-818E-309BDBDB7A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "85BE0085-3E86-4A39-8AE4-76ED06D2534B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "2614B8FD-F7A5-4C70-AE1E-2255FCAB1154", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "58387159-A167-4032-9F3F-B517EF2185F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "CB414CE9-5EFA-45F7-BB0B-B8B3893444DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "93FBE9FB-99AC-4800-BB1F-4F0689E0A07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "EFB83944-0183-4DDB-B20E-0C8A7646A07F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"80151ACD-28DC-4383-9B7E-F2B759299341", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C15294D-F2AC-4E81-A612-14A31510449D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF2EE2D3-A942-4CAE-8F14-213BB6CBD62A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05630C5E-263A-4974-81A0-2DC178B9708C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B372AF6-29BB-4DAA-B3DA-3F8AE7BBC5BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17CD4D0-DFE5-4C01-BEEA-891C865E18AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EEB7512-D7E2-4F24-B96F-4FFE9E650262", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "307F457C-4015-4857-ADB8-637BC53DEB54", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B645F9A1-44FB-4504-BF6C-2810EE841025", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E91B29C4-3709-473E-8F69-69D77ECEB221", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "FB3068F9-9A65-4DC4-88C2-19C8E1807CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADDA896A-8EA8-4924-A648-6001F83F8AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "91611ED9-FFDE-42B2-8E02-5B089A34DB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "638055BA-CB01-404E-B9CD-D9EEB284ACE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "54F33281-2EA9-49EF-A074-E0AE93D4DC72", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EA4A6E5-F1A0-42E8-BB49-E06497DA582B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "085763C4-D71A-47AF-B64C-829E6EC8E6D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9805F52C-B9F4-4531-A478-C3FA03D1EA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "1183DBED-4EF7-4942-9400-D57BC0C63773", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FCE3D75-98D9-4D95-9EB9-F33E37CC047B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "58228B5F-7FA1-42B5-BC4A-A5F6535E2C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7D4C885-1FDB-479C-9626-B006E1C84E0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6574874E-EE2A-43B0-9D4B-9106C46BF8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "62A4C415-6408-4A7E-A1C9-8A327B0DEA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B35E250-F525-4EF5-9DBD-D80D68E5C00E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "79388C94-3306-4FD2-880E-56D42830B822", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E181D243-AFF0-41E3-A969-3DC67E81E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D445C68D-BFB8-4BAB-B995-FADF7CA5DF2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D8982A13-3F5E-4B52-932C-00BD7CEA7625", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "B0518BBC-BE6F-4949-A39B-1BE1FFA9442D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F66A1-E3C6-4D89-B3E3-AF46CC98BB00", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8090363F-1850-4095-A212-0A554EA37A3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26FA77D7-CE3B-4ED2-8117-E6CC1BA39B36", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4687A27-D41C-489D-AA95-E6999ABB696D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C03AD0EA-BFB8-480D-9B9C-6D6BD0DABDB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "59BADDB6-D48A-4DC0-A758-902F0EBC51CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D12770F8-8729-4712-9023-64CB2B374BCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A7FD104-1DE9-4A2A-AB2B-CD4AD9E70A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "A33D85D8-AA73-4120-9DB0-85B9E0BC14F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "079B9B47-194A-4047-AFEB-ABAD9CA5E53E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "98034760-4DF2-4D7B-92D8-02EDCF56E618", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "7EB7B211-AFE1-4D1A-B46F-86394981D5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "930C1B45-2ABE-42DD-8D10-B375ED796F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"B5811AB6-ED08-40C9-A0CD-77793A495E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "82185F66-9E19-4C56-8E77-5C153275A542", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E51FAC0-BEF4-4839-B3C0-CCC9ED015582", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "D902DF16-5F3A-485E-9409-BC47A4E46014", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FA7E4-B406-4587-86A7-F560FE64A3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "77C35F36-AD3C-418C-ACED-486FF06EFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "B28DF2CD-1BEC-4F5E-AD30-7F84E58DF223", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "3960D793-C3C8-40FC-83B2-710ED2F5D658", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DDE4919-FA8A-485B-9F0E-BD015B1D4D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC022C7A-35DD-445D-B9D3-6024CF28610E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "88D408D9-B90D-495A-BC09-E322FBE78E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9D00E45-E017-43AB-AAF9-9B4721CD8E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB7238-FD06-4872-A736-9D988A0433E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "676C7999-B586-40E0-83E8-EB09E3F107C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "31B80A50-5766-4ED7-9254-5CDDB74C7C04", "vulnerable": 
true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAF88AD1-AECE-4227-AE63-EA3E279238C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ED441D3-6D17-4F8E-AF0E-27D813B2C68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "22CAAB68-FD86-49DB-8DA7-F16FC3F6B878", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DF19BA4-1BF5-4F1E-BE6C-318B581D1EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE9535-B8AB-4DC8-A012-405FDEF88CA3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function." }, { "lang": "es", "value": "M\u00faltiples vulnerabilidades de formato de cadena en dbdimp.c en el m\u00f3dulo DBD::Pg (tambi\u00e9n conocido como DBD-Pg o libdbd-pg-perl) anteriores a 2.19.0 en Perl, permite a servidores remotos de bases de datos a provocar una denegaci\u00f3n de servicio (ca\u00edda de proceso) a trav\u00e9s de unos especificadores de formato de cadena en (1) una advertencia de la base de datos sobre la funci\u00f3n pg_warn o (2) una declaraci\u00f3n DBD manipulada sobre la funci\u00f3n dbd_st_prepare."
} ], "id": "CVE-2012-1151", "lastModified": "2024-11-21T01:36:32.673", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-09-09T21:55:05.213", "references": [ { "source": "secalert@redhat.com", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48307" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48319" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/48824" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2431" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "source": "secalert@redhat.com", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "source": "secalert@redhat.com", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48307" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/48319" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48824" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2431" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-134" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.4 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 5.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator."
}, { "lang": "es", "value": "Desbordamiento de bufer en memoria din\u00e1mica en la funci\u00f3n Perl_repeatcpy en util.c en Perl v5.12.x antes de v5.12.5, v5.14.x antes de v5.14.3, y v5.15.x antes de v5.15.5 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda) o posiblemente ejecutar c\u00f3digo arbitrario mediante el operador \u0027x\u0027 string repeat." } ], "id": "CVE-2012-5195", "lastModified": "2024-11-21T01:44:14.243", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-18T00:55:01.587", "references": [ { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51457" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/55314" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2586" }, { 
"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/56287" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/51457" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/55314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2586" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/56287" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": false }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*", "matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:file\\:\\:path:2.07:*:*:*:*:*:*:*", "matchCriteriaId": "768FC916-07E3-4D66-B1B7-C36B40B64F35", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions." }, { "lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n rmtree de File::Path 1.08 y 2.07 (lib/File/Path.pm) en Perl 5.8.8 y 5.10.0 permite a usuarios locales crear binarios setuid arbitrarios a trav\u00e9s de un ataque por enlace simb\u00f3lico. Se trata de una vulnerabilidad diferente que CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: Esto es un error de regresi\u00f3n relacionado con CVE-2005-0448. Es diferente de CVE-2008-5303 por las versiones afectadas." 
} ], "id": "CVE-2008-5302", "lastModified": "2024-11-21T00:53:46.603", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-12-01T17:30:01.453", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40052" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4077" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": 
"http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://secunia.com/advisories/33314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via 
https://rhn.redhat.com/errata/RHSA-2010-0458.html.\n", "lastModified": "2010-06-07T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems." }, { "lang": "es", "value": "Vulnerabilidad de doble liberaci\u00f3n en Perl 5.8.8 permite a los atacantes, dependiendo del contexto, causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda) a trav\u00e9s de expresiones regulares manipuladas conteniendo caracteres UTF8. NOTA: este problema podr\u00eda estar presente solo en ciertos sistemas operativos." } ], "id": "CVE-2008-1927", "lastModified": "2024-11-21T00:45:41.110", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2008-04-24T05:05:00.000", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "cve@mitre.org", 
"url": "http://osvdb.org/44588" }, { "source": "cve@mitre.org", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/29948" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30025" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30326" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/30624" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31208" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31328" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31467" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31604" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/31687" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33937" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT3438" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "source": "cve@mitre.org", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1556" }, { "source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "source": "cve@mitre.org", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "source": "cve@mitre.org", "url": 
"http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/28928" }, { "source": "cve@mitre.org", "url": "http://www.securitytracker.com/id?1020253" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "cve@mitre.org", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2265/references" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44588" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"url": "http://secunia.com/advisories/29948" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30326" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30624" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31208" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31328" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31467" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31604" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33937" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT3438" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1556" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" 
}, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/28928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id?1020253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2265/references" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": 
"Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * (before 5.26.3) | |
perl | perl | * (5.28.0 to before 5.28.1) | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 | |
netapp | e-series_santricity_os_controller | * (11.0 through 11.40) | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdrive | - |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "054E1C6A-1EC3-4877-839C-1C28FCEC501A", "versionEndExcluding": "5.28.1", "versionStartIncluding": "5.28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0 anteriores a la 5.28.1, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura." 
} ], "id": "CVE-2018-18312", "lastModified": "2024-11-21T03:55:40.990", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-05T22:29:00.303", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106179" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106179" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vendor | Product | Version | |
---|---|---|---|
cpanpm_project | cpanpm | * (before 2.35) | |
perl | perl | * (before 5.38.0) |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:cpanpm_project:cpanpm:*:*:*:*:*:*:*:*", "matchCriteriaId": "90D5B630-223B-4035-89FF-84D4BD0D7C32", "versionEndExcluding": "2.35", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "00980675-EC82-443D-AFFE-B83E5239DAB9", "versionEndExcluding": "5.38.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS." } ], "id": "CVE-2023-31484", "lastModified": "2024-11-21T08:01:57.707", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" }, { "cvssData": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }, "published": "2023-04-29T00:15:09.000", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": 
"http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "cve@mitre.org", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "cve@mitre.org", "tags": [ "Mitigation", "Patch", "Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/andk/cpanpm/pull/175" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "source": "cve@mitre.org", "tags": [ "Release Notes" ], "url": "https://metacpan.org/dist/CPAN/changes" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mitigation", "Patch", 
"Third Party Advisory" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking" ], "url": "https://github.com/andk/cpanpm/pull/175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Release Notes" ], "url": "https://metacpan.org/dist/CPAN/changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "nvd@nist.gov", "type": "Primary" }, { "description": [ { "lang": "en", "value": "CWE-295" } ], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 8.0 | |
fedoraproject | fedora | 23 | |
fedoraproject | fedora | 24 | |
perl | perl | 1.0.15 | |
perl | perl | 1.0.16 | |
perl | perl | 5.000 | |
perl | perl | 5.000o | |
perl | perl | 5.001 | |
perl | perl | 5.001n | |
perl | perl | 5.002 | |
perl | perl | 5.002_01 | |
perl | perl | 5.003 | |
perl | perl | 5.003_01 | |
perl | perl | 5.003_02 | |
perl | perl | 5.003_03 | |
perl | perl | 5.003_04 | |
perl | perl | 5.003_05 | |
perl | perl | 5.003_07 | |
perl | perl | 5.003_08 | |
perl | perl | 5.003_09 | |
perl | perl | 5.003_10 | |
perl | perl | 5.003_11 | |
perl | perl | 5.003_12 | |
perl | perl | 5.003_13 | |
perl | perl | 5.003_14 | |
perl | perl | 5.003_15 | |
perl | perl | 5.003_16 | |
perl | perl | 5.003_17 | |
perl | perl | 5.003_18 | |
perl | perl | 5.003_19 | |
perl | perl | 5.003_20 | |
perl | perl | 5.003_21 | |
perl | perl | 5.003_22 | |
perl | perl | 5.003_23 | |
perl | perl | 5.003_24 | |
perl | perl | 5.003_25 | |
perl | perl | 5.003_26 | |
perl | perl | 5.003_27 | |
perl | perl | 5.003_28 | |
perl | perl | 5.003_90 | |
perl | perl | 5.003_91 | |
perl | perl | 5.003_92 | |
perl | perl | 5.003_93 | |
perl | perl | 5.003_94 | |
perl | perl | 5.003_95 | |
perl | perl | 5.003_96 | |
perl | perl | 5.003_97 | |
perl | perl | 5.003_97a | |
perl | perl | 5.003_97b | |
perl | perl | 5.003_97c | |
perl | perl | 5.003_97d | |
perl | perl | 5.003_97e | |
perl | perl | 5.003_97f | |
perl | perl | 5.003_97g | |
perl | perl | 5.003_97h | |
perl | perl | 5.003_97i | |
perl | perl | 5.003_97j | |
perl | perl | 5.003_98 | |
perl | perl | 5.003_99 | |
perl | perl | 5.003_99a | |
perl | perl | 5.004 | |
perl | perl | 5.004_01 | |
perl | perl | 5.004_02 | |
perl | perl | 5.004_03 | |
perl | perl | 5.004_04 | |
perl | perl | 5.004_05 | |
perl | perl | 5.005 | |
perl | perl | 5.005_01 | |
perl | perl | 5.005_02 | |
perl | perl | 5.005_03 | |
perl | perl | 5.005_04 | |
perl | perl | 5.6 | |
perl | perl | 5.6.0 | |
perl | perl | 5.6.1 | |
perl | perl | 5.6.2 | |
perl | perl | 5.7.3 | |
perl | perl | 5.8 | |
perl | perl | 5.8.0 | |
perl | perl | 5.8.1 | |
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.9 | |
perl | perl | 5.9.0 | |
perl | perl | 5.9.1 | |
perl | perl | 5.9.2 | |
perl | perl | 5.9.3 | |
perl | perl | 5.9.4 | |
perl | perl | 5.9.5 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.4 | |
perl | perl | 5.12.4 | |
perl | perl | 5.12.4 | |
perl | perl | 5.12.5 | |
perl | perl | 5.12.5 | |
perl | perl | 5.12.5 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.3 | |
perl | perl | 5.14.3 | |
perl | perl | 5.14.3 | |
perl | perl | 5.14.4 | |
perl | perl | 5.14.4 | |
perl | perl | 5.14.4 | |
perl | perl | 5.15.0 | |
perl | perl | 5.15.1 | |
perl | perl | 5.15.2 | |
perl | perl | 5.15.3 | |
perl | perl | 5.15.4 | |
perl | perl | 5.15.5 | |
perl | perl | 5.15.6 | |
perl | perl | 5.15.7 | |
perl | perl | 5.15.8 | |
perl | perl | 5.15.9 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.1 | |
perl | perl | 5.16.2 | |
perl | perl | 5.16.3 | |
perl | perl | 5.16.3 | |
perl | perl | 5.17.0 | |
perl | perl | 5.17.1 | |
perl | perl | 5.17.2 | |
perl | perl | 5.17.3 | |
perl | perl | 5.17.4 | |
perl | perl | 5.17.5 | |
perl | perl | 5.17.6 | |
perl | perl | 5.17.7 | |
perl | perl | 5.17.7.0 | |
perl | perl | 5.17.8 | |
perl | perl | 5.17.9 | |
perl | perl | 5.17.10 | |
perl | perl | 5.17.11 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.0 | |
perl | perl | 5.18.1 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.2 | |
perl | perl | 5.18.3 | |
perl | perl | 5.18.3 | |
perl | perl | 5.18.3 | |
perl | perl | 5.18.4 | |
perl | perl | 5.19.0 | |
perl | perl | 5.19.1 | |
perl | perl | 5.19.2 | |
perl | perl | 5.19.3 | |
perl | perl | 5.19.4 | |
perl | perl | 5.19.5 | |
perl | perl | 5.19.6 | |
perl | perl | 5.19.7 | |
perl | perl | 5.19.8 | |
perl | perl | 5.19.9 | |
perl | perl | 5.19.10 | |
perl | perl | 5.19.11 | |
perl | perl | 5.20.0 | |
perl | perl | 5.20.0 | |
perl | perl | 5.20.1 | |
perl | perl | 5.20.1 | |
perl | perl | 5.20.1 | |
perl | perl | 5.20.2 | |
perl | perl | 5.20.2 | |
perl | perl | 5.20.3 | |
perl | perl | 5.20.3 | |
perl | perl | 5.20.3 | |
perl | perl | 5.21.0 | |
perl | perl | 5.21.1 | |
perl | perl | 5.21.2 | |
perl | perl | 5.21.3 | |
perl | perl | 5.21.4 | |
perl | perl | 5.21.5 | |
perl | perl | 5.21.6 | |
perl | perl | 5.21.7 | |
perl | perl | 5.21.8 | |
perl | perl | 5.21.9 | |
perl | perl | 5.21.10 | |
perl | perl | 5.21.11 | |
perl | perl | 5.22.0 | |
perl | perl | 5.22.0 | |
perl | perl | 5.22.0 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.1 | |
perl | perl | 5.22.2 | |
perl | perl | 5.22.2 | |
perl | perl | 5.22.3 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.0 | |
perl | perl | 5.24.1 | |
opensuse | leap | 15.0 | |
apache | spamassassin | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*", "matchCriteriaId": "E79AB8DD-C907-4038-A931-1A5A4CFB6A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:1.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "BF593285-9ECF-4F81-8D0E-7048E5297A5F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "68E7AF92-F791-4F27-A996-1C688E27EB8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.000:*:*:*:*:*:*:*", "matchCriteriaId": "33BD16F3-90F9-44FA-913F-3E8832EE7FEB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.000o:*:*:*:*:*:*:*", "matchCriteriaId": "9A9A905C-3DF9-4EB6-B93A-F7DFED63E2E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.001:*:*:*:*:*:*:*", "matchCriteriaId": "6A0F4D87-B780-4672-93B5-739E365E2155", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.001n:*:*:*:*:*:*:*", "matchCriteriaId": "AD2C9916-353B-4958-AF80-5477DB26F015", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.002:*:*:*:*:*:*:*", "matchCriteriaId": "C2C74D41-BC84-43C2-9C6B-0C11A61EDC1F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.002_01:*:*:*:*:*:*:*", "matchCriteriaId": "4F56CD3C-542A-4441-AF33-65C084F219C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003:*:*:*:*:*:*:*", "matchCriteriaId": "7E0C7A76-FEDA-4AC4-BFAD-01015DAE751D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_01:*:*:*:*:*:*:*", "matchCriteriaId": "8950DFB0-64BF-4E4A-929F-8165A88F8C77", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_02:*:*:*:*:*:*:*", "matchCriteriaId": "C63F4167-E4D2-4633-8CDA-4E2A86E66AF4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_03:*:*:*:*:*:*:*", "matchCriteriaId": "85F31F8A-5682-45D6-8E0C-E7F312F59F86", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_04:*:*:*:*:*:*:*", "matchCriteriaId": "D4EE1C93-D2C6-4F53-9862-C29E93C6D80B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_05:*:*:*:*:*:*:*", "matchCriteriaId": "E59A0DBD-B135-41A1-92C1-EABA0157839F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_07:*:*:*:*:*:*:*", "matchCriteriaId": "CB2932C3-0F88-46A4-8822-78CD5F1EBB12", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_08:*:*:*:*:*:*:*", "matchCriteriaId": "F760289E-C86E-4AC6-A4EC-DB25A141C99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_09:*:*:*:*:*:*:*", "matchCriteriaId": "2F43A336-EDE0-445B-827F-E9544FC77552", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_10:*:*:*:*:*:*:*", "matchCriteriaId": "7749C19E-DC46-4F0B-A866-B292FA74B29C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_11:*:*:*:*:*:*:*", "matchCriteriaId": "E92CC85B-B58C-48F8-9E6C-4EF2053AC276", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_12:*:*:*:*:*:*:*", "matchCriteriaId": "818A195C-E450-4BA5-9557-A65285D79ADE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_13:*:*:*:*:*:*:*", "matchCriteriaId": "82FEB582-2504-4E7E-A5C6-E0B6A4CC16D2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_14:*:*:*:*:*:*:*", "matchCriteriaId": "8CAC694B-E397-4C15-BDBC-3D897761A9D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_15:*:*:*:*:*:*:*", "matchCriteriaId": "0039A8F5-063D-49D6-8820-6948BB50C923", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_16:*:*:*:*:*:*:*", "matchCriteriaId": "E233E9D3-B462-4DF6-B46A-7D92DF37D6D1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_17:*:*:*:*:*:*:*", "matchCriteriaId": "C5F09857-DC25-40F3-9D40-1699AED6ABBF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_18:*:*:*:*:*:*:*", "matchCriteriaId": "F786345C-81BB-4BA4-B84A-0AB99E92B104", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_19:*:*:*:*:*:*:*", "matchCriteriaId": "B8E22076-8DA3-40B7-BD3B-ACFBFAE79B12", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_20:*:*:*:*:*:*:*", "matchCriteriaId": "E81E679F-803B-4AFB-947A-5DB6FE40A099", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_21:*:*:*:*:*:*:*", "matchCriteriaId": "C1FDE206-0648-4758-AFBF-E1E062875485", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_22:*:*:*:*:*:*:*", "matchCriteriaId": "061B1DE8-E39E-4B87-AAB3-076CC0086913", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_23:*:*:*:*:*:*:*", "matchCriteriaId": "49A046AB-FBF7-4F69-BDA5-A38ACF7A5822", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_24:*:*:*:*:*:*:*", "matchCriteriaId": "1FFEB7B3-2A2A-40BC-9EA9-0E18E62BBDFD", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_25:*:*:*:*:*:*:*", "matchCriteriaId": "F81F635C-AF53-4515-8D38-0A738A0FD16E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_26:*:*:*:*:*:*:*", "matchCriteriaId": "90FCFD46-17FC-4550-8608-4FBE7A450922", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_27:*:*:*:*:*:*:*", "matchCriteriaId": "3343A0BC-D62F-4FC5-A5BC-4FF155A566E3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_28:*:*:*:*:*:*:*", "matchCriteriaId": "B0440F0B-154D-48CE-84CB-0751F2CC9EAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_90:*:*:*:*:*:*:*", "matchCriteriaId": "0539B3F5-A216-4B9A-8229-752519135153", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_91:*:*:*:*:*:*:*", "matchCriteriaId": "2CCD591B-2C36-4EED-8CC2-F7B30C786CD7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_92:*:*:*:*:*:*:*", "matchCriteriaId": "DC8B22C0-B8DA-496E-B615-EA8482FC04A7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_93:*:*:*:*:*:*:*", "matchCriteriaId": "B9215B20-2133-4992-928A-9EBD734A12A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_94:*:*:*:*:*:*:*", "matchCriteriaId": "27E6BE18-F346-46DF-B84C-ED5CFDC5ABE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_95:*:*:*:*:*:*:*", "matchCriteriaId": "F19F55A5-AAC9-4F7D-83F0-C91F98F6DEB2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_96:*:*:*:*:*:*:*", "matchCriteriaId": "5166BC2D-E3CC-4FA9-91C3-D97948003044", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97:*:*:*:*:*:*:*", "matchCriteriaId": "C89A4BB0-4C93-40A5-87CC-84C6338DF398", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97a:*:*:*:*:*:*:*", "matchCriteriaId": "07A1FD7E-6805-4F78-B15E-955D58FBC9C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97b:*:*:*:*:*:*:*", "matchCriteriaId": "5C2D805C-D3EC-4A9E-BD80-D448A719BFAB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97c:*:*:*:*:*:*:*", "matchCriteriaId": "9E7EB8B6-0AB4-481F-8720-C6DB61EACB58", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97d:*:*:*:*:*:*:*", "matchCriteriaId": "918B183C-AEAD-477D-871D-2582271D940A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97e:*:*:*:*:*:*:*", "matchCriteriaId": "6B63EC1F-3311-44DD-8CCA-4D04C0F53E64", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97f:*:*:*:*:*:*:*", "matchCriteriaId": "7DABDF1C-7793-4716-A7E8-895354874AC5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97g:*:*:*:*:*:*:*", "matchCriteriaId": "07D18688-D419-40FA-BBD6-C3DE46F5093C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97h:*:*:*:*:*:*:*", "matchCriteriaId": "5CE475CA-40C1-4851-A157-57BC56626B86", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.003_97i:*:*:*:*:*:*:*", "matchCriteriaId": "580002B3-C356-45DA-8C60-B5DFACED6DF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_97j:*:*:*:*:*:*:*", "matchCriteriaId": "132AB295-0768-4927-AD64-1BB962BF406E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_98:*:*:*:*:*:*:*", "matchCriteriaId": "58C6E5A0-45FD-4ECF-94A5-593C27051E62", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_99:*:*:*:*:*:*:*", "matchCriteriaId": "75B905E8-76E7-45C8-B761-BD608C5465DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.003_99a:*:*:*:*:*:*:*", "matchCriteriaId": "7666AD83-03A2-42D8-8D39-6377D0AB1A02", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004:*:*:*:*:*:*:*", "matchCriteriaId": "47B622FF-B240-48AE-898C-5EB0F612563F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_01:*:*:*:*:*:*:*", "matchCriteriaId": "6B9678C4-63EF-4717-A1C2-439A6726914B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_02:*:*:*:*:*:*:*", "matchCriteriaId": "5807630D-4939-49D1-886D-9B5B35BDE131", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_03:*:*:*:*:*:*:*", "matchCriteriaId": "A10B1AFC-4BB0-432D-89F7-0EB1E74C99FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_04:*:*:*:*:*:*:*", "matchCriteriaId": "13D67525-0514-4ED9-ACC7-D807225A6F7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.004_05:*:*:*:*:*:*:*", "matchCriteriaId": "B34949C7-F77A-4EC3-A757-21B7A2A44116", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005:*:*:*:*:*:*:*", "matchCriteriaId": "1628FEAE-D96C-47C9-BF90-72506D8B9E55", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005_01:*:*:*:*:*:*:*", "matchCriteriaId": "35728909-A140-4531-AEF6-3A11722B4648", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005_02:*:*:*:*:*:*:*", "matchCriteriaId": "F05D8B69-C077-41B0-8E1B-5DE25C5974DC", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.005_03:*:*:*:*:*:*:*", "matchCriteriaId": "5B5FF9A9-5E08-47F5-81C3-94522DA40187", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.005_04:*:*:*:*:*:*:*", "matchCriteriaId": "2FA7EA98-01E5-40A9-B8A4-7768E96B46D0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "B3579E04-215F-4B7D-BC6B-5AA7F98715AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBDE0711-1423-4E75-A902-1DA04DC8C352", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD62DA82-0EB3-4ACA-ACC8-A1E63C031D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "66F27F6D-ED2A-42C4-96A0-2F6536D9DA22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.7.3:*:*:*:*:*:*:*", "matchCriteriaId": "B476B28F-8F98-4794-A915-C47AB0C2A857", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8:*:*:*:*:*:*:*", "matchCriteriaId": "0EEC7CCD-459E-41CF-B819-696AB6C9BB39", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4932278D-A661-42D9-AA36-4233B174EF0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": 
"53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:rc1:*:*:*:*:*:*", "matchCriteriaId": "2AFF98CD-FAF3-4016-BF69-FBCAACF570B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "3DF54207-7CF6-4204-9AA2-C705865797A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4D37C95-2AB2-4827-A106-16D93ED21BBE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "60C1DB87-F7F4-4D1D-9182-5922BAC7E55C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "074987BF-A9E8-44BE-B9B8-C58C53A41EA1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "EB5CFBA1-E202-4AF9-A26D-D66830C070B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc0:*:*:*:*:*:*", "matchCriteriaId": "2BCC9FF2-71D7-4873-AE3C-432EFBE642BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "E044E615-78CC-49BD-87D6-06710D857AB9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A1D2576-41C9-433A-B483-BE11A2E08B27", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.5:*:*:*:*:*:*:*", "matchCriteriaId": "EFC45A04-5E81-4938-A247-A31E826FDABA", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "74DDAB7D-1344-4C2E-B39D-05D2B9770333", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.5:rc2:*:*:*:*:*:*", "matchCriteriaId": "B8197E63-97EE-471C-B6A8-F2FFA9841515", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "18CB92C4-A966-48F6-8B52-355A39A86F2A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", "matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "9F8228A7-A933-470A-A72F-14B7F15C20EF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "C4D8DBCF-CB0C-4E5C-8CE0-F43A4769463C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "72589C2C-9ACC-4A48-8CCA-FD5410A51FE7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.4:*:*:*:*:*:*:*", "matchCriteriaId": "47B99644-442E-457D-A934-521E82F5DA22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "7EE0482C-9845-4CEA-9E22-E74B6A44537D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.4:rc2:*:*:*:*:*:*", "matchCriteriaId": "A4B961F2-346B-4459-8363-B3C7CA6F17D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.0:*:*:*:*:*:*:*", "matchCriteriaId": 
"02575484-8DC7-4B4D-8CA0-2766A47CFC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "5A3CE102-2E66-4720-A1E6-7C937245BF15", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.2:*:*:*:*:*:*:*", "matchCriteriaId": "4FE375DE-45CF-4867-BCA8-2655CA5CE06F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.3:*:*:*:*:*:*:*", "matchCriteriaId": "189AEAEA-5853-4597-BF3C-82B2942CD62B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.4:*:*:*:*:*:*:*", "matchCriteriaId": "D385CF65-BE9E-4269-A558-D67C037F3662", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.5:*:*:*:*:*:*:*", "matchCriteriaId": "ED8BF0A6-90DE-4B43-9D5B-52D1E2FDDC16", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.6:*:*:*:*:*:*:*", "matchCriteriaId": "94D93987-6891-4003-9FDA-5E0E31E6CDB6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.7:*:*:*:*:*:*:*", "matchCriteriaId": "3935C006-C2D5-4568-BCA7-C949E2DF6DE0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.8:*:*:*:*:*:*:*", "matchCriteriaId": "3EDE7322-68A5-4924-9612-B1D3B72809FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.15.9:*:*:*:*:*:*:*", "matchCriteriaId": "7C5044A2-8BE6-4319-B042-B64B5FACE926", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "99D451CD-5278-4501-A0D2-1419A9ACB619", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "E2B2BDE6-597D-4C7F-AE7F-3D7A64813336", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE4A28C-360F-4527-B596-7467FF10579F", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.3:*:*:*:*:*:*:*", "matchCriteriaId": "45C4E830-5173-41C4-8E06-D17F0BDA8774", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "1857347B-E3A5-41BA-B6CB-1D9C2AA27BAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "A7D119DB-B1C8-406E-8E2E-5BAC3BC61206", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "2FA9232E-21A1-43E8-8BFB-031A2904331F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "CB99136F-4B16-4C3C-84FE-8A49DC545694", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.3:*:*:*:*:*:*:*", "matchCriteriaId": "A0D9FB9B-1CEE-4360-B92C-7CE69160CF70", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.4:*:*:*:*:*:*:*", "matchCriteriaId": "532B5841-0249-4EDE-AA52-292150DEC0A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.5:*:*:*:*:*:*:*", "matchCriteriaId": "E84E6D66-D4EC-47DF-9C80-5D1F41545ADF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.6:*:*:*:*:*:*:*", "matchCriteriaId": "CB61BB5A-BE61-4BB6-9CF1-48947C780F15", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.7:*:*:*:*:*:*:*", "matchCriteriaId": "8240432C-DBFB-4977-8562-3F225BA745A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "596EA807-1994-4282-80EF-47F7C784327B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.8:*:*:*:*:*:*:*", "matchCriteriaId": "910E6121-7D96-492D-8E23-A6C87E463C65", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.9:*:*:*:*:*:*:*", "matchCriteriaId": "C7F6649D-36EF-4F8C-A831-1A03854ECF6D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.17.10:*:*:*:*:*:*:*", "matchCriteriaId": "255CF66E-6FAA-4723-82DC-389449904ED7", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.17.11:*:*:*:*:*:*:*", "matchCriteriaId": "F1D6FC93-97C7-4B17-81CF-CCDAA4C6AE9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "41488C64-89AF-47DE-9B7E-E0CE4E417E69", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "2685AEF2-D96C-4571-A4D3-B95496D1ECD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "83066A81-9B80-478D-BAA2-614655272226", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "6819B0BE-16FA-4FFD-8EBB-43725162C4FF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "C103F31D-1C0D-49A3-9639-E294BFCCC070", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "B398B96D-0C50-4FCE-9819-BC599ECB2208", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:*:*:*:*:*:*:*", "matchCriteriaId": "092191BC-4135-4437-84CF-F2E8C3FC1E47", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "D731DA65-C2C1-4954-92CB-B0DD9042E247", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc2:*:*:*:*:*:*", "matchCriteriaId": "7DB4CB39-5A63-4D97-A5C3-CF61F7E171A2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc3:*:*:*:*:*:*", "matchCriteriaId": "EF7EB508-710C-4064-9C94-3558C4AB43FA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.2:rc4:*:*:*:*:*:*", "matchCriteriaId": "42DF1C61-82E5-4D84-A027-1CFDB4F9DD02", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.3:*:*:*:*:*:*:*", "matchCriteriaId": "C09081B7-56AC-4D30-BC39-5FC5503DAB2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "40A7771E-C770-4494-9DB2-15E7F8D15C47", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.18.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "D4C89268-1858-4F09-AF4E-5BB2CB8794CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.0:*:*:*:*:*:*:*", "matchCriteriaId": "277580B4-8F5E-43A3-A9A9-46D2D3E30BBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.1:*:*:*:*:*:*:*", "matchCriteriaId": "C745ED42-1290-4AF4-9A64-1D681DE392DC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.2:*:*:*:*:*:*:*", "matchCriteriaId": "17CAEB2B-2F87-43CF-AA6D-DED035CF340C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.3:*:*:*:*:*:*:*", "matchCriteriaId": "9CAE1166-C49F-47D2-9235-0BC6CCC92FC6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.4:*:*:*:*:*:*:*", "matchCriteriaId": "1D8E733A-F9AA-4A17-89E4-F3F25732A198", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.5:*:*:*:*:*:*:*", "matchCriteriaId": "17AA261B-1CBD-4052-923C-3964B53EB740", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.6:*:*:*:*:*:*:*", "matchCriteriaId": "4B664952-4144-4D7A-B841-949ED6BE7397", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.7:*:*:*:*:*:*:*", "matchCriteriaId": "87F7FEDE-D7F4-4B73-A7A7-D65F1AFFEC41", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.8:*:*:*:*:*:*:*", "matchCriteriaId": "2C1FF482-9D80-4695-936E-0AAB3CB37072", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.9:*:*:*:*:*:*:*", "matchCriteriaId": "3FD3F63E-9A8F-4A6C-90BA-8C9D7ADE7B43", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.10:*:*:*:*:*:*:*", "matchCriteriaId": "4D2BDD85-7ABB-4E73-B2BD-F3796DF137F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.19.11:*:*:*:*:*:*:*", "matchCriteriaId": "1F82F7EA-48CE-4EDC-8C91-B1E1CA9CF213", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "069761F3-ADA6-4F9A-A42D-9CBFCA3329C1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "CD42D433-7822-4697-BE03-2867134DF70B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.1:*:*:*:*:*:*:*", "matchCriteriaId": "5F67D144-A456-4A54-899A-77B15A2D6B17", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "1B6F92DD-B408-4826-9407-80E157B12839", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "63892648-AC91-41FE-8258-83FBE6BEC019", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.2:*:*:*:*:*:*:*", "matchCriteriaId": "971901BB-B633-4F51-9E36-BBA997278DA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "E5D07F59-CCBB-4372-ABFB-8C6E3509FC52", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.3:*:*:*:*:*:*:*", "matchCriteriaId": "2C0993E1-AF16-4D43-ACF1-7A1D8C1914FE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "88D6873B-B718-4BA3-875F-AF2247D1DECC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.20.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "3EDCDB3E-4710-4FFD-AF24-FE3F06B75ED3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.0:*:*:*:*:*:*:*", "matchCriteriaId": "99267332-20F0-416B-8F01-ED45280BD2F7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.1:*:*:*:*:*:*:*", "matchCriteriaId": "4F7AE652-51F8-4C37-B7CE-04A82202A723", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.2:*:*:*:*:*:*:*", "matchCriteriaId": "B8F82B8B-1B85-4742-8ACE-5B46DD59A39F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.3:*:*:*:*:*:*:*", "matchCriteriaId": "9A0B035B-B17C-4A1E-ADF1-1F90F65120C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.4:*:*:*:*:*:*:*", "matchCriteriaId": 
"B28B883C-BB67-4775-B17A-2A01E0468350", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.5:*:*:*:*:*:*:*", "matchCriteriaId": "917BF173-034B-4085-AB67-10EA9B770E0E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.6:*:*:*:*:*:*:*", "matchCriteriaId": "94C06A0B-5A3A-48B5-8E39-42F5C9CEF193", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.7:*:*:*:*:*:*:*", "matchCriteriaId": "6F242F60-5267-4B30-90E7-BAE119AE0B00", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.8:*:*:*:*:*:*:*", "matchCriteriaId": "185BCB23-EC77-41CD-A75D-25B2A351A72D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.9:*:*:*:*:*:*:*", "matchCriteriaId": "38513AFB-DB85-44C2-93CC-199A2759ACA4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.10:*:*:*:*:*:*:*", "matchCriteriaId": "51F325D8-6BAC-4CDE-A6A7-9DE8E7F8E6B0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.21.11:*:*:*:*:*:*:*", "matchCriteriaId": "E146059C-714F-4DF5-A9DA-A9672F7BA1FB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "88FABC18-1DEB-4732-9E0C-B0F3DE4EEAD3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "9E09087D-3852-426A-A5E1-0081DFC17F91", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DE19639C-2939-45E6-9977-930E1D68E1A4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:*:*:*:*:*:*:*", "matchCriteriaId": "D8E31817-A94D-48DE-A81E-2417AF5FA775", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "F0DC1981-0997-4B3E-9058-611F7D0789C3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "C6131602-C488-4932-8FE1-0CCA24E9F917", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc3:*:*:*:*:*:*", "matchCriteriaId": "46A8B43D-4177-4258-A2EC-DE7AEA366B31", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.1:rc4:*:*:*:*:*:*", "matchCriteriaId": "81991993-3AFC-4462-8707-1B5CD796B500", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.2:*:*:*:*:*:*:*", "matchCriteriaId": "F6F2E723-9520-4BAC-BD22-58D8042965A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "BA0E5830-4D61-43A9-AC9C-14338553EF68", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.22.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "F4192D6D-5466-47B5-9733-02F95CE0AAE4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:*:*:*:*:*:*:*", "matchCriteriaId": "D972BFFE-84F9-47D0-B8F2-E1817DA8732D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "6D504C3E-EEEA-4023-89C3-FCEC0B763E76", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "19D5E676-9653-4B39-9C51-3A249724EF06", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "300C59DD-95F7-49B9-833D-3463F6F98701", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "7EB29593-0EEB-4F28-8293-6D1CC0A99887", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "CB12C8AF-9C04-4581-895E-D684C759F657", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.24.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "3C7CC6EC-E04C-47E3-B350-7171A7B7CD0D", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:apache:spamassassin:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B11FE5D-8764-42A3-A534-0EBA21F550D6", "versionEndExcluding": 
"3.4.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory." 
}, { "lang": "es", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL y (25) utils/splain.PL en Perl 5.x en versiones anteriores a 5.22.3-RC2 y 5.24 en versiones anteriores a 5.24.1-RC2 no eliminan adecuadamente caracteres . (punto) del final de la matriz de directorio incluida, lo que podr\u00eda permitir a usuarios locales obtener privilegios a trav\u00e9s de un m\u00f3dulo Troyano bajo el directorio de trabajo actual." 
} ], "id": "CVE-2016-1238", "lastModified": "2024-11-21T02:46:00.810", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.2, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-08-02T14:59:00.130", "references": [ { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" }, { "source": "security@debian.org", "tags": [ "Issue Tracking" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92136" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory", "VDB 
Entry" ], "url": "http://www.securitytracker.com/id/1036440" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "security@debian.org", "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "source": "security@debian.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "source": "security@debian.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "source": "security@debian.org", "tags": [ "Permissions Required" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "security@debian.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201812-07" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/92136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1036440" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Permissions Required" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party 
Advisory" ], "url": "https://security.gentoo.org/glsa/201812-07" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 9.0 | |
netapp | e-series_santricity_os_controller | * | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdrive | - | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C82200F-A26E-4AD4-82FF-DC5601A28D52", "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura." 
} ], "id": "CVE-2018-18314", "lastModified": "2024-11-21T03:55:41.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-07T21:29:00.920", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": false } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:file\\:\\:path:1.08:*:*:*:*:*:*:*", "matchCriteriaId": "EA2DEBED-F663-4F03-A7AA-601293DE48BE", "vulnerable": true } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions." }, { "lang": "es", "value": "Condici\u00f3n de carrera en la funci\u00f3n rmtree en File::Path 1.08 (lib/File/Path.pm) en Perl 5.8.8 permite a usuarios locales borrar archivos arbitrarios a trav\u00e9s de un ataque de enlace simb\u00f3lico, una vulnerabilidad diferente a CVE-2005-0448, CVE-2004-0452 y CVE-2008-2827. NOTA: esto es un error de regresi\u00f3n relacionado con CVE-2005-0448. Es diferente a CVE-2008-5302 debido a las versiones afectadas." 
} ], "id": "CVE-2008-5303", "lastModified": "2024-11-21T00:53:46.777", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true } ] }, "published": "2008-12-01T17:30:01.483", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/32980" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/33314" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/40052" }, { "source": "cve@mitre.org", "url": "http://support.apple.com/kb/HT4077" }, { "source": "cve@mitre.org", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "cve@mitre.org", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "cve@mitre.org", "url": 
"http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "cve@mitre.org", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32980" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/33314" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/40052" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://support.apple.com/kb/HT4077" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" } ], "sourceIdentifier": "cve@mitre.org", "vendorComments": [ { "comment": "This issue has been addressed in perl packages as shipped in Red Hat Enterprise Linux 3 and 4 via https://rhn.redhat.com/errata/RHSA-2010-0457.html and Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0458.html.\n", "lastModified": "2010-06-07T00:00:00", "organization": "Red Hat" } ], "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-362" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.10 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.4 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.1 | |
perl | perl | 5.14.2 | |
perl | perl | 5.14.3 | |
perl | perl | 5.16.0 | |
perl | perl | 5.16.1 | |
perl | perl | 5.16.2 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B358BF3-55AC-477E-A4B5-3960C449C011", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { 
"criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.4:*:*:*:*:*:*:*", "matchCriteriaId": "7A8E8FCF-4358-42D9-8C04-EBF78CC21583", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "91B91435-67DA-49E1-A37F-7839728F17BC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.2:*:*:*:*:*:*:*", 
"matchCriteriaId": "851028B9-65A4-4A4F-9C40-930B0B9A8797", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.3:*:*:*:*:*:*:*", "matchCriteriaId": "F7AD4720-7A84-4D02-8DDC-1B91A08D98D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9E3D711-A503-480F-B1EC-EC433F7DD644", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "38179468-F93E-4E3C-8213-5F4A903B186A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.16.2:*:*:*:*:*:*:*", "matchCriteriaId": "DAE4A28C-360F-4527-B596-7467FF10579F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key." }, { "lang": "es", "value": "El mecanismo de rehash en Perl v5.8.2 a trav\u00e9s v5.16.x permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (consumo de memoria y ca\u00edda) mediante una tecla de almohadilla dise\u00f1ada." 
} ], "id": "CVE-2013-1667", "lastModified": "2024-11-21T01:50:06.830", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-03-14T03:13:36.873", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "cve@mitre.org", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "cve@mitre.org", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "cve@mitre.org", "url": "http://osvdb.org/90892" }, { "source": "cve@mitre.org", "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "source": "cve@mitre.org", "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "source": "cve@mitre.org", "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "source": "cve@mitre.org", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52472" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52499" }, { 
"source": "cve@mitre.org", "url": "http://www.debian.org/security/2013/dsa-2641" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "source": "cve@mitre.org", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/58311" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "source": "cve@mitre.org", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "source": "cve@mitre.org", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/90892" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52472" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/52499" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2641" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/58311" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-399" } ], 
"source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server | 7.3 | |
redhat | enterprise_linux_server | 7.4 | |
redhat | enterprise_linux_server | 7.5 | |
redhat | enterprise_linux_server | 7.6 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "BCC823E6-D243-4B29-99D9-5301FA579891", "versionEndIncluding": "5.26", "versionStartIncluding": "5.18", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB520389-84EE-477C-A9C8-74721592A320", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "24D3235A-DB42-4868-90D9-712C3B3693AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5E92F9B3-3841-4C05-88F0-CEB0735EA4BB", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": 
true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written." }, { "lang": "es", "value": "Se ha descubierto un problema en Perl 5.26. Una expresi\u00f3n regular manipulada puede provocar un desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap), con control sobre los bytes que se escriben." } ], "id": "CVE-2018-6797", "lastModified": "2024-11-21T04:11:13.223", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T20:29:00.520", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, 
{ "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042004" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042004" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", 
"weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "14B8DD8C-B79A-41F6-B743-6D319ACD6741", "versionEndExcluding": "5.38.2", "versionStartIncluding": "5.30.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0." }, { "lang": "es", "value": "En Perl anterior a 5.38.2, S_parse_uniprop_string en regcomp.c puede escribir en espacio no asignado porque un nombre de propiedad asociado con una construcci\u00f3n de expresi\u00f3n regular \\p{...} est\u00e1 mal manejado. La primera versi\u00f3n afectada es la 5.30.0." } ], "id": "CVE-2023-47100", "lastModified": "2024-11-21T08:29:46.307", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-12-02T23:15:07.187", "references": [ { "source": "cve@mitre.org", "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" }, { "source": "cve@mitre.org", "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-755" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*", "matchCriteriaId": "FF17E933-217A-4DDA-91C2-FEF2739550A1", "versionEndExcluding": "5.30.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512", "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." }, { "lang": "es", "value": "Perl versiones anteriores a 5.30.3 en plataformas de 32 bits permite un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria porque los cuantificadores de expresiones regulares anidadas presentan un desbordamiento de enteros" } ], "id": "CVE-2020-10543", "lastModified": "2024-11-21T04:55:32.927", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", 
"confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.2, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-05T14:15:10.467", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": 
"cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ 
"Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906", "versionEndIncluding": "10.10.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*", "matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression." }, { "lang": "es", "value": "Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena larga de d\u00edgitos asociados con una referencia inversa no v\u00e1lida dentro de una expresi\u00f3n regular." 
} ], "id": "CVE-2013-7422", "lastModified": "2024-11-21T02:00:58.010", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-08-16T23:59:00.097", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "source": "secalert@redhat.com", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/75704" }, { "source": "secalert@redhat.com", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201507-11" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/kb/HT205031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/75704" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201507-11" }, { 
"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://support.apple.com/kb/HT205031" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
data_dumper_project | data_dumper | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "77A06910-39E5-4216-9299-BD5924666B34", "versionEndIncluding": "5.20.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:data_dumper_project:data_dumper:*:*:*:*:*:*:*:*", "matchCriteriaId": "E15A758B-D662-454B-B5ED-707D4490E448", "versionEndIncluding": "2.151", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function." }, { "lang": "es", "value": "El m\u00e9todo Dumper en Data::Dumper anterior a 2.154, utilizado en Perl 5.20.1 y anteriores, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda) a trav\u00e9s de una referencia de array con muchas referencias de array anidadas, lo que provoca un n\u00famero grande de llamadas recursivas a la funci\u00f3n DD_dump." 
} ], "id": "CVE-2014-4330", "lastModified": "2024-11-21T02:09:58.740", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "LOW", "cvssData": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 2.1, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-09-30T16:55:06.543", "references": [ { "source": "cve@mitre.org", "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "http://seclists.org/oss-sec/2014/q3/692" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61441" }, { "source": "cve@mitre.org", "url": "http://secunia.com/advisories/61961" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "source": "cve@mitre.org", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/70142" }, { "source": "cve@mitre.org", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "cve@mitre.org", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "source": "cve@mitre.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "cve@mitre.org", "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://seclists.org/oss-sec/2014/q3/692" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61441" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/61961" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/70142" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2011-3599)
Vendor | Product | Version | |
---|---|---|---|
adam_kennedy | crypt-dsa | * | |
adam_kennedy | crypt-dsa | 0.01 | |
adam_kennedy | crypt-dsa | 0.02 | |
adam_kennedy | crypt-dsa | 0.03 | |
adam_kennedy | crypt-dsa | 0.10 | |
adam_kennedy | crypt-dsa | 0.11 | |
adam_kennedy | crypt-dsa | 0.12 | |
adam_kennedy | crypt-dsa | 0.13 | |
adam_kennedy | crypt-dsa | 0.14 | |
adam_kennedy | crypt-dsa | 0.15_01 | |
adam_kennedy | crypt-dsa | 1.16 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:*:*:*:*:*:*:*:*", "matchCriteriaId": "A6291000-01BD-4677-A83E-5AD03CA19ED8", "versionEndIncluding": "1.17", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.01:*:*:*:*:*:*:*", "matchCriteriaId": "380B4E21-01EE-4AA7-8C3C-8FF9109AC13E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.02:*:*:*:*:*:*:*", "matchCriteriaId": "64C17BCB-BEFB-463B-9E19-E534739B6143", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.03:*:*:*:*:*:*:*", "matchCriteriaId": "C26BED95-412E-479F-8876-DEB487954F3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.10:*:*:*:*:*:*:*", "matchCriteriaId": "C0B8FD92-1C81-4115-82AA-07340ED8788F", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.11:*:*:*:*:*:*:*", "matchCriteriaId": "0FC2BBA6-1432-42A0-B8B3-6D79C2881543", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.12:*:*:*:*:*:*:*", "matchCriteriaId": "5A7EE54C-6B92-48AC-A512-DF3F410034F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.13:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE4E97-1BCC-482C-9977-DC57B7E19A59", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.14:*:*:*:*:*:*:*", "matchCriteriaId": "4D590C83-D144-413B-811C-11E9D19BC0AE", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:0.15_01:*:*:*:*:*:*:*", "matchCriteriaId": "C14C8C9F-BF85-4921-B017-2E3E63AC1FD1", "vulnerable": true }, { "criteria": "cpe:2.3:a:adam_kennedy:crypt-dsa:1.16:*:*:*:*:*:*:*", "matchCriteriaId": "066E1B1A-589B-47E2-AD79-BD24FEF94DBD", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": 
[], "descriptions": [ { "lang": "en", "value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack." }, { "lang": "es", "value": "El m\u00f3dulo Crypt::DSA (tambi\u00e9n conocido como Crypt-DSA) v1.17 y anterior para Perl, cuando /dev/random est\u00e1 ausente, usa el m\u00f3dulo Data::Random, lo que hace m\u00e1s f\u00e1cil para atacantes remotos falsificar la firma, o determinar una clave de firma en un mensaje firmado, a trav\u00e9s de un ataque de fuerza bruta." } ], "id": "CVE-2011-3599", "lastModified": "2024-11-21T01:30:49.563", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-10-10T10:55:06.863", "references": [ { "source": "secalert@redhat.com", "url": "http://osvdb.org/76025" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46275" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49928" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/76025" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46275" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49928" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2018-18311)
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 18.04 | |
canonical | ubuntu_linux | 18.10 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
netapp | e-series_santricity_os_controller | - | |
netapp | snap_creator_framework | - | |
netapp | snapcenter | - | |
netapp | snapdriver | - | |
redhat | openshift_container_platform | 3.11 | |
redhat | enterprise_linux | 6.0 | |
redhat | enterprise_linux | 7.0 | |
redhat | enterprise_linux | 7.4 | |
redhat | enterprise_linux | 7.5 | |
redhat | enterprise_linux | 7.6 | |
redhat | enterprise_linux_desktop | 7.0 | |
redhat | enterprise_linux_eus | 7.6 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server_aus | 7.6 | |
redhat | enterprise_linux_server_tus | 7.6 | |
redhat | enterprise_linux_workstation | 7.0 | |
apple | mac_os_x | * | |
fedoraproject | fedora | 29 | |
mcafee | web_gateway | * | |
mcafee | web_gateway | * | |
mcafee | web_gateway | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C0FEAD21-C9A0-40F3-8F2E-489750B07760", "versionEndExcluding": "5.26.3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "054E1C6A-1EC3-4877-839C-1C28FCEC501A", "versionEndExcluding": "5.28.1", "versionStartIncluding": "5.28.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2EBD848-26BA-4EF6-81C8-83B6DFFC75DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snapdriver:-:*:*:*:*:unix:*:*", "matchCriteriaId": "19F76A75-CFAE-4E1B-A845-E9E2E236C5DB", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "041F9200-4C01-4187-AE34-240E8277B54D", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "4EB48767-F095-444F-9E05-D9AC345AB803", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5F6FA12B-504C-4DBF-A32E-0548557AA2ED", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1", "vulnerable": true }, { "criteria": 
"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "09CDBB72-2A0D-4321-BA1F-4FB326A5646A", "versionEndExcluding": "10.14.4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "A0F4117D-97ED-4DD8-843F-F4147342AAE0", "versionEndExcluding": "7.7.2.21", "versionStartIncluding": "7.7.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "70504EAB-FC1C-4E0B-859E-49BD13685E13", "versionEndExcluding": "7.8.2.8", "versionStartIncluding": "7.8.2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D943214-14D8-47BC-BCF4-76B78EE95028", "versionEndExcluding": "8.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." }, { "lang": "es", "value": "Perl, en versiones anteriores a la 5.26.3 y versiones 5.28.0.x anteriores a la 5.28.1, tiene un desbordamiento de b\u00fafer mediante una expresi\u00f3n regular manipulada que desencadena operaciones inv\u00e1lidas de escritura." 
} ], "id": "CVE-2018-18311", "lastModified": "2024-11-21T03:55:40.773", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-12-07T21:29:00.407", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "cve@mitre.org", 
"tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "source": "cve@mitre.org", "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://support.apple.com/kb/HT209600" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/106145" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1042181" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Patch", "Third Party Advisory" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], 
"url": "https://support.apple.com/kb/HT209600" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" }, { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd (CVE-2009-1884)
Vendor | Product | Version | |
---|---|---|---|
bzip | compress-raw-bzip2 | * | |
bzip | compress-raw-bzip2 | 2.0.00_10 | |
bzip | compress-raw-bzip2 | 2.0.00_12 | |
bzip | compress-raw-bzip2 | 2.0.00_14 | |
bzip | compress-raw-bzip2 | 2.0.01 | |
bzip | compress-raw-bzip2 | 2.0.02 | |
bzip | compress-raw-bzip2 | 2.0.03 | |
bzip | compress-raw-bzip2 | 2.0.05 | |
bzip | compress-raw-bzip2 | 2.0.06 | |
bzip | compress-raw-bzip2 | 2.0.08 | |
bzip | compress-raw-bzip2 | 2.0.09 | |
bzip | compress-raw-bzip2 | 2.010 | |
bzip | compress-raw-bzip2 | 2.011 | |
bzip | compress-raw-bzip2 | 2.012 | |
bzip | compress-raw-bzip2 | 2.014 | |
bzip | compress-raw-bzip2 | 2.015 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:*:*:*:*:*:*:*:*", "matchCriteriaId": "6C58C65A-621E-4EF4-ACD2-2B26ED08EA48", "versionEndIncluding": "2.017", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_10:*:*:*:*:*:*:*", "matchCriteriaId": "60FA80AE-D536-4323-9628-514C262DA129", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_12:*:*:*:*:*:*:*", "matchCriteriaId": "B324E22C-0273-42C5-BF76-4C54AF6578A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.00_14:*:*:*:*:*:*:*", "matchCriteriaId": "CD46A223-9CB9-48A4-B52D-8621B87AAAA2", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.01:*:*:*:*:*:*:*", "matchCriteriaId": "B51D3C0F-0537-4240-841B-70B21DBD4C03", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.02:*:*:*:*:*:*:*", "matchCriteriaId": "3D5A547D-5E85-4257-A71D-63078C5FF30A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.03:*:*:*:*:*:*:*", "matchCriteriaId": "86CB8226-B0EC-4CB9-9678-6B127679A31A", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.05:*:*:*:*:*:*:*", "matchCriteriaId": "2F2C6E05-1CD8-4450-A101-3C2270A64B9E", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.06:*:*:*:*:*:*:*", "matchCriteriaId": "D38E1A94-AA44-48AE-84A4-5C64451DFE96", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.08:*:*:*:*:*:*:*", "matchCriteriaId": "79442C31-96B2-4CEA-9AEB-DB7F332E938C", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.0.09:*:*:*:*:*:*:*", "matchCriteriaId": "802DF28F-724C-49E8-920E-E6CBA8E296DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.010:*:*:*:*:*:*:*", "matchCriteriaId": "C5C1D31B-123E-4294-81B6-46E4241C16DB", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.011:*:*:*:*:*:*:*", 
"matchCriteriaId": "A3F7EC80-16B6-4754-A8BE-28782D2FDC86", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.012:*:*:*:*:*:*:*", "matchCriteriaId": "9FA78C9F-1925-4435-BFBD-129836C12238", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.014:*:*:*:*:*:*:*", "matchCriteriaId": "8E299424-8560-4DCF-BDC1-8F88F0E7E8DA", "vulnerable": true }, { "criteria": "cpe:2.3:a:bzip:compress-raw-bzip2:2.015:*:*:*:*:*:*:*", "matchCriteriaId": "3026DDC6-DDCF-4244-A657-B45FAA6E4942", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391." }, { "lang": "es", "value": "Error de superaci\u00f3n de l\u00edmite (Off-by-one) en la funci\u00f3n bzinflate en Bzip2.xs en el m\u00f3dulo Compress-Raw-Bzip2 anterior a v2.018 para Perl permite a atacantes dependientes de contexto producir una denegaci\u00f3n de servicio (cuelgue de aplicaci\u00f3n o ca\u00edda) a trav\u00e9s de un stream comprimido de bzip2 que inicia un desbordamiento de b\u00fafer, una situaci\u00f3n parecida a CVE-2009-1391." 
} ], "id": "CVE-2009-1884", "lastModified": "2024-11-21T01:03:37.090", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2009-08-19T17:30:00.953", "references": [ { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36386" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/36415" }, { "source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/36082" }, { "source": "secalert@redhat.com", "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "source": "secalert@redhat.com", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/36386" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/36415" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "http://www.securityfocus.com/bid/36082" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-189" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", 
"matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": 
"A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The 
(1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string." }, { "lang": "es", "value": "Las funciones (1) lc, (2) lcfirst, (3) uc, y (4) ucfirst en Perl v5.10.x, v5.11.x, y v5.12.x hasta v5.12.3, y v5.13.x hasta v5.13.11, no aplican el atributo taint al valor de retorno al procesar una entrada tainted, lo que puede permitir a atacantes dependientes del contexto evitar el mecanismo de protecci\u00f3n de taint a trav\u00e9s de una cadena manipulada." } ], "id": "CVE-2011-1487", "lastModified": "2024-11-21T01:26:25.570", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-04-11T18:55:03.773", "references": [ { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "source": "secalert@redhat.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", 
"Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "source": "secalert@redhat.com", "tags": [ "Patch" ], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43921" }, { "source": "secalert@redhat.com", "url": "http://secunia.com/advisories/44168" }, { "source": "secalert@redhat.com", "url": "http://www.debian.org/security/2011/dsa-2265" }, { "source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47124" }, { "source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], 
"url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/43921" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/44168" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2011/dsa-2265" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47124" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:*:*:*:*:*:*:*:*", "matchCriteriaId": "BFABCFBC-0EC9-4DF4-B36E-C657272183A1", "versionEndIncluding": "4.66", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "672D4776-8D5B-4819-8BF3-AEDF26C3D96C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "DE0F8CE2-8032-4B42-954A-A2FE17756FD7", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.5:*:*:*:*:*:*:*", "matchCriteriaId": "2A1F5875-286A-400B-BD54-C126DBF9208D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "F4AE171E-7047-4028-8111-FBF69A2CA8BD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.6:*:*:*:*:*:*:*", "matchCriteriaId": "487D174E-2DE8-43BD-B775-2821D4664FAF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.7:*:*:*:*:*:*:*", "matchCriteriaId": "564A8717-1CCE-4210-B371-610B3CF77864", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.8:*:*:*:*:*:*:*", "matchCriteriaId": "F1260F48-15C0-4BB3-B7BF-FAE2FBD48730", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.9:*:*:*:*:*:*:*", "matchCriteriaId": "AE318DEF-513B-4B8D-A234-BE163F999615", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.10:*:*:*:*:*:*:*", "matchCriteriaId": "89D205BE-D742-4835-BA7B-858A1CE1E573", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.11:*:*:*:*:*:*:*", "matchCriteriaId": "E52CDBF8-F834-4F34-8D4A-05BDF9F0D72A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.91:*:*:*:*:*:*:*", "matchCriteriaId": 
"2137D5D4-8007-454F-A212-1766B7F439F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.92:*:*:*:*:*:*:*", "matchCriteriaId": "76788109-9544-4257-8371-07370FB6D8A6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:1.93:*:*:*:*:*:*:*", "matchCriteriaId": "405BB5BA-4723-4847-8748-61A69E7F53CF", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.00:*:*:*:*:*:*:*", "matchCriteriaId": "131D4215-C4DC-4780-AA5B-06C1FEE61BE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.01:*:*:*:*:*:*:*", "matchCriteriaId": "4AEF3AE5-D0A4-4C68-89DB-696CBB716434", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.02:*:*:*:*:*:*:*", "matchCriteriaId": "0F844F48-EC40-422A-8088-BFC1647D6A0B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.03:*:*:*:*:*:*:*", "matchCriteriaId": "E4034AF6-877B-477D-9C89-9AF4F5A3B08A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.04:*:*:*:*:*:*:*", "matchCriteriaId": "18F27023-9062-49BA-A8FC-52DFB1A56E70", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.10:*:*:*:*:*:*:*", "matchCriteriaId": "1A409D95-DFA5-4A59-BC40-F593E280E007", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_01:*:*:*:*:*:*:*", "matchCriteriaId": "76DCC3E8-9419-4359-ACA9-88B45881BC9F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_02:*:*:*:*:*:*:*", "matchCriteriaId": "225F296B-AA04-426D-85EE-07CF3173F8E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_03:*:*:*:*:*:*:*", "matchCriteriaId": "D2B45194-6487-42A7-AF51-F065E60DF18B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:2.11_04:*:*:*:*:*:*:*", "matchCriteriaId": 
"A4485908-3E21-4223-8349-3FBAD619A217", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.00:*:*:*:*:*:*:*", "matchCriteriaId": "8998E587-98CA-4D3B-8388-45F181DAE970", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.01:*:*:*:*:*:*:*", "matchCriteriaId": "E98A159C-36EF-4764-849E-C548639BF888", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.10:*:*:*:*:*:*:*", "matchCriteriaId": "DCD58054-2DCB-4CAD-8C4E-22D994E59A0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.11:*:*:*:*:*:*:*", "matchCriteriaId": "E44C0AD3-ACB5-41AD-BFF3-C3423C7438E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.12:*:*:*:*:*:*:*", "matchCriteriaId": "18E52F34-8A1B-452B-966E-CD553580028B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.13:*:*:*:*:*:*:*", "matchCriteriaId": "9CC2BD62-0445-415D-B8BB-37EB70F4358D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.14:*:*:*:*:*:*:*", "matchCriteriaId": "50A22B36-721E-4D4F-B37C-52927170029A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.15:*:*:*:*:*:*:*", "matchCriteriaId": "1C6C294C-90E6-4150-8976-508693BD3DBD", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.49_1:*:*:*:*:*:*:*", "matchCriteriaId": "D60A3C8F-E980-451B-BDF5-5D9A712BC3B8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.50:*:*:*:*:*:*:*", "matchCriteriaId": "0D4C0776-F778-47AF-9099-D7567AA72C8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.51:*:*:*:*:*:*:*", "matchCriteriaId": "93A9749E-644A-4863-82C9-766AD7CA288D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.52:*:*:*:*:*:*:*", "matchCriteriaId": 
"727FEE1D-23F9-4451-8072-34DDCBCAAE74", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.53:*:*:*:*:*:*:*", "matchCriteriaId": "AA70B179-D7EE-472B-882D-474BBBE23699", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.54:*:*:*:*:*:*:*", "matchCriteriaId": "51CD2258-08DF-4383-9B0F-6BB15CD5A5E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.55:*:*:*:*:*:*:*", "matchCriteriaId": "C4C966AF-A159-4B5B-B0D8-6AD08B8929C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.56:*:*:*:*:*:*:*", "matchCriteriaId": "B3AEBE47-23B4-47A4-8E99-0008400AAF33", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.57:*:*:*:*:*:*:*", "matchCriteriaId": "1870B0DC-6BD0-4EFC-8716-772730845ED0", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.58:*:*:*:*:*:*:*", "matchCriteriaId": "8D302C63-E567-4552-9850-9EDEF4C9956A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.59:*:*:*:*:*:*:*", "matchCriteriaId": "CE55ACEB-ECC0-4F9E-BAEF-3F8F1B4FFC78", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.60:*:*:*:*:*:*:*", "matchCriteriaId": "4346B371-A067-45C5-A996-F8E9F6A64335", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.61:*:*:*:*:*:*:*", "matchCriteriaId": "FC0B54BA-7C06-40BC-AF06-1FA8DD55EB30", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.62:*:*:*:*:*:*:*", "matchCriteriaId": "E4B664DE-93D4-4884-9DF4-5EBA1E9FDF5D", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:3.63:*:*:*:*:*:*:*", "matchCriteriaId": "E48EBC0D-2B32-4478-A453-437B4708C3CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.00:*:*:*:*:*:*:*", "matchCriteriaId": 
"EAA8D79F-7FD4-49ED-B862-4C5F9F69E189", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.01:*:*:*:*:*:*:*", "matchCriteriaId": "B47A1DEE-DB01-4525-AB1F-0ECB9418FE45", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.02:*:*:*:*:*:*:*", "matchCriteriaId": "E055B23E-E478-4CE9-961C-36FAB8A2D6E5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.10:*:*:*:*:*:*:*", "matchCriteriaId": "F4C0DB0A-A0C1-47D4-A480-8CD0DA799751", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.11:*:*:*:*:*:*:*", "matchCriteriaId": "51229D5C-47E6-4DE6-8980-C9D463FBD767", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.12:*:*:*:*:*:*:*", "matchCriteriaId": "519DC991-4D87-4BF1-84ED-DE2C0B541989", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.13:*:*:*:*:*:*:*", "matchCriteriaId": "BD26998A-A9A2-4A19-96A4-A63F8565090C", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.14:*:*:*:*:*:*:*", "matchCriteriaId": "6487F14B-3779-4612-8582-7E8875425BF6", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.20:*:*:*:*:*:*:*", "matchCriteriaId": "7BC665D0-7F02-4A50-AAB6-6D5AB6CE32A9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.30:*:*:*:*:*:*:*", "matchCriteriaId": "D91D8001-0F08-4BF6-9140-F39A94F614F5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.40:*:*:*:*:*:*:*", "matchCriteriaId": "6D3E7868-5992-491F-A17F-D60A60943912", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.49_01:*:*:*:*:*:*:*", "matchCriteriaId": "02FA1232-DBE9-4F7F-A1E4-89E0E2A66F4B", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.50:*:*:*:*:*:*:*", "matchCriteriaId": 
"450FCFE6-BDDD-4654-A730-798B298E6DAA", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.51:*:*:*:*:*:*:*", "matchCriteriaId": "95D6EAC7-1215-426D-BBAB-0CDFB2D9D462", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.52:*:*:*:*:*:*:*", "matchCriteriaId": "D42D9B8C-5FE3-4987-90D2-13252EF9ADE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.53:*:*:*:*:*:*:*", "matchCriteriaId": "C9C4526E-EEDE-4A91-B1AD-8F8B70047045", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.54:*:*:*:*:*:*:*", "matchCriteriaId": "6DAB3AC5-3629-4A7C-9B97-E463EC58363A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.55:*:*:*:*:*:*:*", "matchCriteriaId": "16B7B04C-7CF5-4C34-BFBA-57850A70C97A", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.56:*:*:*:*:*:*:*", "matchCriteriaId": "140D6FB5-6EBF-476D-BA63-D75283786EF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.57:*:*:*:*:*:*:*", "matchCriteriaId": "6EEC6A01-0480-413F-8DE4-CDDF5586C277", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.60:*:*:*:*:*:*:*", "matchCriteriaId": "E7F5E661-8B88-42D0-8C50-9F7673C5D0D5", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.61:*:*:*:*:*:*:*", "matchCriteriaId": "698232CE-1461-43A3-9B4E-47698B5F81C4", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.62:*:*:*:*:*:*:*", "matchCriteriaId": "08EF5774-2E9C-42E8-8621-8619D6B9A195", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.63:*:*:*:*:*:*:*", "matchCriteriaId": "D12DA159-B0E2-47BA-A75D-E06FB6ED288E", "vulnerable": true }, { "criteria": "cpe:2.3:a:mark_stosberg:data\\:\\:formvalidator:4.65:*:*:*:*:*:*:*", "matchCriteriaId": 
"DBE69C8F-F659-43AE-8A7A-D3D02B2D2FE9", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "CB490BCA-8592-4324-BCE3-396BFD647D5E", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input." }, { "lang": "es", "value": "El m\u00f3dulo Data::FormValidator v4.66 y anteriores para Perl, cuando untaint_all_constraints est\u00e1 activada, no conserva correctamente el atributo taint de los datos, lo que podr\u00eda permitir a atacantes remotos evitar el mecanismo de protecci\u00f3n de taint a trav\u00e9s de la entrada de un formulario." } ], "id": "CVE-2011-2201", "lastModified": "2024-11-21T01:27:48.320", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-09-14T16:05:23.527", "references": [ { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" }, { 
"source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "source": "secalert@redhat.com", "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/48167" }, { "source": "secalert@redhat.com", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "source": "secalert@redhat.com", "tags": [ "Exploit" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/48167" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { 
"description": [ { "lang": "en", "value": "CWE-264" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call." }, { "lang": "es", "value": "Perl v5.10.x permite a atacantes dependientes de contexto provocar una denegaci\u00f3n del servicio (desreferencia a un puntero NULL y bloqueo de la aplicaci\u00f3n) aprovechando la capacidad de inyectar argumentos en una llamada a la funci\u00f3n (1) \"getpeername\", (2) \"readdir\", (3) \"closedir\", (4) \"getsockname\", (5) \"rewinddir\", (6) \"tell\", o (7) \"telldir\"." 
} ], "evaluatorComment": "Per: http://cwe.mitre.org/data/definitions/476.html\r\n\u0027CWE-476: NULL Pointer Dereference\u0027", "id": "CVE-2011-0761", "lastModified": "2024-11-21T01:24:47.187", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2011-05-13T17:05:41.847", "references": [ { "source": "cret@cert.org", "url": "http://securityreason.com/securityalert/8248" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025507" }, { "source": "cret@cert.org", "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47766" }, { "source": "cret@cert.org", "tags": [ "Exploit" ], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "source": "cret@cert.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/8248" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://securitytracker.com/id?1025507" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "http://www.securityfocus.com/bid/47766" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" 
], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" } ], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.34.0:-:*:*:*:*:*:*", "matchCriteriaId": "ED202CAF-C081-41FF-948C-84A9ECADCE2A", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation." }, { "lang": "es", "value": "En Perl 5.34.0, la funci\u00f3n S_find_uninit_var en sv.c tiene un bloqueo basado en pila que puede conducir a la ejecuci\u00f3n remota de c\u00f3digo o a la escalada de privilegios locales." } ], "id": "CVE-2022-48522", "lastModified": "2024-11-21T07:33:29.637", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2023-08-22T19:16:31.153", "references": [ { "source": "cve@mitre.org", "tags": [ "Exploit" ], "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "source": "cve@mitre.org", "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": 
"nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744", "versionEndExcluding": "5.30.3", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3", "vulnerable": true }, { "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512", "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892", "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F", "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D", "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B", "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B003D11-398F-486C-941D-698FB5BE5BCE", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*", "matchCriteriaId": "D13834B9-C48B-4C72-A27B-F9A8ACB50098", "vulnerable": true }, { "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40", "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." }, { "lang": "es", "value": "Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situaci\u00f3n \"PL_regkind[OP(n)] == NOTHING\". 
Una expresi\u00f3n regular dise\u00f1ada podr\u00eda conllevar a un bytecode malformado con la posibilidad de inyecci\u00f3n de instrucciones" } ], "id": "CVE-2020-10878", "lastModified": "2024-11-21T04:56:16.367", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 4.7, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2020-06-05T14:15:10.527", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third 
Party Advisory" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": 
"https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Third Party 
Advisory" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-190" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 22 | |
perl | perl | * |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "546DB67C-2B49-4C49-B394-C6B2BD417EB0", "versionEndIncluding": "5.23.9", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"" }, { "lang": "es", "value": "Las funciones (1) S_reghop3, (2) S_reghop4 y (3) S_reghopmaybe3 en regexec.c en Perl en versiones anteriores a 5.24.0 permiten a atacantes dependientes del contexto provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de datos utf-8 manipulados, seg\u00fan lo demostrado por \"a\\x80\"." 
} ], "id": "CVE-2015-8853", "lastModified": "2024-11-21T02:39:19.063", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2016-05-25T15:59:01.473", "references": [ { "source": "security@debian.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" }, { "source": "security@debian.org", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "source": "security@debian.org", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "security@debian.org", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "security@debian.org", "url": 
"http://www.securityfocus.com/bid/86707" }, { "source": "security@debian.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "source": "security@debian.org", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "security@debian.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "source": "security@debian.org", "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "security@debian.org", "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "security@debian.org", "url": "https://usn.ubuntu.com/3625-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/86707" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201701-75" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://usn.ubuntu.com/3625-2/" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "7440C4F0-6C9A-402A-B5F4-197245762A7B", "versionEndExcluding": "5.26.2", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica (heap) en la funci\u00f3n pack de Perl, en versiones anteriores a la 5.26.2, permite que atacantes dependientes del contexto ejecuten c\u00f3digo arbitrario mediante un conteo de items largo." 
} ], "id": "CVE-2018-6913", "lastModified": "2024-11-21T04:11:24.737", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T20:29:00.660", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103953" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], 
"url": "https://usn.ubuntu.com/3625-2/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/103953" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
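7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Note: this record lists CWE-122 and CWE-787 (memory-corruption classes), while its description is about executable search order (`cmd.exe` looked up in the current working directory), so the CWE field alone is not a reliable basis for triage here. The CPE range ends before 5.32.1, yet the record also references the perl5382delta release notes; confirm the fixed version for your release line rather than relying on the range alone.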
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "941F7B31-C194-4B93-AA3E-4F84C0DB4AF5", "versionEndExcluding": "5.32.1", "vulnerable": true } ], "negate": false, "operator": "OR" }, { "cpeMatch": [ { "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false } ], "negate": false, "operator": "OR" } ], "operator": "AND" } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place `cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations." }, { "lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Perl. Este problema de seguridad ocurre mientras Perl para Windows depende de la variable de entorno de ruta del sistema para encontrar el shell (`cmd.exe`). Cuando se ejecuta un ejecutable que utiliza el int\u00e9rprete de Windows Perl, Perl intenta buscar y ejecutar `cmd.exe` dentro del sistema operativo. Sin embargo, debido a problemas con el orden de b\u00fasqueda de rutas, Perl inicialmente busca cmd.exe en el directorio de trabajo actual. Esta falla permite que un atacante con privilegios limitados coloque `cmd.exe` en ubicaciones con permisos d\u00e9biles, como `C:\\ProgramData`. 
Al hacerlo, se puede ejecutar c\u00f3digo arbitrario cuando un administrador intenta utilizar este ejecutable desde estas ubicaciones comprometidas." } ], "id": "CVE-2023-47039", "lastModified": "2024-11-21T08:29:39.083", "metrics": { "cvssMetricV31": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary" }, { "cvssData": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2024-01-02T06:15:13.737", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "source": "secalert@redhat.com", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": "secalert@redhat.com", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Patch" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240208-0005/" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-122" } ], "source": "secalert@redhat.com", "type": "Secondary" }, { "description": [ { "lang": "en", "value": "CWE-787" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." }, { "lang": "es", "value": "La funci\u00f3n Perl_reg_numbered_buff_fetch en Perl 5.10.0, 5.12.0, 5.14.0 y otras versiones, cuando funciona con debugging activado, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y cierre de la aplicaci\u00f3n) a trav\u00e9s de una entrada manipulada que no es manejada adecuadamente cuando hace uso de ciertas expresiones regulares, como se ha demostrado causando la ca\u00edda de SpamAssassin y OCSInventory." 
} ], "id": "CVE-2010-4777", "lastModified": "2024-11-21T01:21:45.177", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2014-02-10T18:15:08.967", "references": [ { "source": "cve@mitre.org", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "source": "cve@mitre.org", "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" }, { "source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "source": "cve@mitre.org", "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "source": "cve@mitre.org", "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-20" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
debian | debian_linux | 7.0 | |
debian | debian_linux | 8.0 | |
debian | debian_linux | 9.0 | |
perl | perl | * | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 | |
redhat | enterprise_linux_server | 6.0 | |
redhat | enterprise_linux_server | 7.0 | |
redhat | enterprise_linux_server | 7.3 | |
redhat | enterprise_linux_server | 7.4 | |
redhat | enterprise_linux_server | 7.5 | |
redhat | enterprise_linux_workstation | 6.0 | |
redhat | enterprise_linux_workstation | 7.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "3118FEF0-4ECD-4C0F-B441-76C8D92084BD", "versionEndIncluding": "5.26", "versionStartIncluding": "5.22", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.3:*:*:*:*:*:*:*", "matchCriteriaId": "BB520389-84EE-477C-A9C8-74721592A320", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.4:*:*:*:*:*:*:*", "matchCriteriaId": "DA4AB18C-40FC-4E48-830D-481A97B34256", "vulnerable": true }, { 
"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.5:*:*:*:*:*:*:*", "matchCriteriaId": "24D3235A-DB42-4868-90D9-712C3B3693AE", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true }, { "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure." }, { "lang": "es", "value": "Se ha descubierto un problema en Perl, de la versi\u00f3n 5.22 a la 5.26. Si se hace que coincida una expresi\u00f3n regular manipulada dependiente de la configuraci\u00f3n regional (locale), se puede provocar una sobrelectura de b\u00fafer basada en memoria din\u00e1mica (heap) y una potencial divulgaci\u00f3n de informaci\u00f3n." 
} ], "id": "CVE-2018-6798", "lastModified": "2024-11-21T04:11:13.413", "metrics": { "cvssMetricV2": [ { "acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-04-17T20:29:00.580", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "cve@mitre.org", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1040681" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201909-01" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-125" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
perl | perl | * | |
perl | perl | 1.00 | |
perl | perl | 1.01 | |
perl | perl | 1.20 | |
perl | perl | 1.21 | |
perl | perl | 1.22 | |
perl | perl | 1.31 | |
perl | perl | 1.32 | |
perl | perl | 1.40 | |
perl | perl | 1.41 | |
perl | perl | 1.42 | |
perl | perl | 1.43 | |
perl | perl | 1.44 | |
perl | perl | 1.45 | |
perl | perl | 1.46 | |
perl | perl | 1.47 | |
perl | perl | 1.48 | |
perl | perl | 1.49 | |
perl | perl | 2.0.0 | |
perl | perl | 2.1.0 | |
perl | perl | 2.1.1 | |
perl | perl | 2.1.2 | |
perl | perl | 2.1.3 | |
perl | perl | 2.2.0 | |
perl | perl | 2.2.1 | |
perl | perl | 2.2.2 | |
perl | perl | 2.3.0 | |
perl | perl | 2.4.0 | |
perl | perl | 2.5.0 | |
perl | perl | 2.5.1 | |
perl | perl | 2.6.0 | |
perl | perl | 2.6.1 | |
perl | perl | 2.6.2 | |
perl | perl | 2.6.3 | |
perl | perl | 2.6.4 | |
perl | perl | 2.6.5 | |
perl | perl | 2.6.6 | |
perl | perl | 2.7.0 | |
perl | perl | 2.7.1 | |
perl | perl | 2.7.2 | |
perl | perl | 2.8.0 | |
perl | perl | 2.8.1 | |
perl | perl | 2.8.2 | |
perl | perl | 2.8.3 | |
perl | perl | 2.8.4 | |
perl | perl | 2.8.5 | |
perl | perl | 2.8.6 | |
perl | perl | 2.8.7 | |
perl | perl | 2.8.8 | |
perl | perl | 2.9.0 | |
perl | perl | 2.9.1 | |
perl | perl | 2.9.2 | |
perl | perl | 2.10.0 | |
perl | perl | 2.10.1 | |
perl | perl | 2.10.2 | |
perl | perl | 2.10.3 | |
perl | perl | 2.10.4 | |
perl | perl | 2.10.5 | |
perl | perl | 2.10.6 | |
perl | perl | 2.10.7 | |
perl | perl | 2.11.0 | |
perl | perl | 2.11.1 | |
perl | perl | 2.11.2 | |
perl | perl | 2.11.3 | |
perl | perl | 2.11.4 | |
perl | perl | 2.11.5 | |
perl | perl | 2.11.6 | |
perl | perl | 2.11.7 | |
perl | perl | 2.11.8 | |
perl | perl | 2.12.0 | |
perl | perl | 2.13.0 | |
perl | perl | 2.14.0 | |
perl | perl | 2.14.1 | |
perl | perl | 2.15.0 | |
perl | perl | 2.15.1 | |
perl | perl | 2.16.0 | |
perl | perl | 2.16.1 | |
perl | perl | 2.17.0 | |
perl | perl | 2.17.1 | |
perl | perl | 2.17.2 | |
perl | perl | 2.18.0 | |
perl | perl | 2.18.1 | |
perl | perl | 5.6.0 | |
perl | perl | 5.6.1 | |
perl | perl | 5.8.0 | |
perl | perl | 5.8.1 | |
perl | perl | 5.8.2 | |
perl | perl | 5.8.3 | |
perl | perl | 5.8.4 | |
perl | perl | 5.8.5 | |
perl | perl | 5.8.6 | |
perl | perl | 5.8.7 | |
perl | perl | 5.8.8 | |
perl | perl | 5.8.9 | |
perl | perl | 5.8.10 | |
perl | perl | 5.9.2 | |
perl | perl | 5.10 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.0 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.10.1 | |
perl | perl | 5.11.0 | |
perl | perl | 5.11.1 | |
perl | perl | 5.11.2 | |
perl | perl | 5.11.3 | |
perl | perl | 5.11.4 | |
perl | perl | 5.11.5 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.0 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.1 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.2 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.12.3 | |
perl | perl | 5.13.0 | |
perl | perl | 5.13.1 | |
perl | perl | 5.13.2 | |
perl | perl | 5.13.3 | |
perl | perl | 5.13.4 | |
perl | perl | 5.13.5 | |
perl | perl | 5.13.6 | |
perl | perl | 5.13.7 | |
perl | perl | 5.13.8 | |
perl | perl | 5.13.9 | |
perl | perl | 5.13.10 | |
perl | perl | 5.13.11 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 | |
perl | perl | 5.14.0 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "matchCriteriaId": "9313BD13-82CE-4632-80E8-48B3A1159CDE", "versionEndIncluding": "5.14.1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.00:*:*:*:*:*:*:*", "matchCriteriaId": "2DA44592-DC6D-4FB7-AC1D-A300643922C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.01:*:*:*:*:*:*:*", "matchCriteriaId": "5EBE0151-85BA-449C-880F-E23D8C446D8D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.20:*:*:*:*:*:*:*", "matchCriteriaId": "83F3ED90-9586-41DB-9B83-C6B05C605213", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.21:*:*:*:*:*:*:*", "matchCriteriaId": "0DB562AC-B665-4F2B-B004-9E848ACC7C20", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.22:*:*:*:*:*:*:*", "matchCriteriaId": "8305CB5A-A64A-4F11-B912-B2E428513E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.31:*:*:*:*:*:*:*", "matchCriteriaId": "367FF98C-12FF-4CEC-9870-6356FAD3C523", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.32:*:*:*:*:*:*:*", "matchCriteriaId": "191EDFB5-F9AB-4A8B-BFC7-9BB7BCE7AAFC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.40:*:*:*:*:*:*:*", "matchCriteriaId": "A253AEB7-A581-4E1F-9410-E056390C0BC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.41:*:*:*:*:*:*:*", "matchCriteriaId": "2696ACCA-47FC-4D25-8A08-17F7CD640040", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.42:*:*:*:*:*:*:*", "matchCriteriaId": "50F9F981-903A-48F8-ACD9-48308E639261", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.43:*:*:*:*:*:*:*", "matchCriteriaId": "99E7410D-A498-49FB-818E-309BDBDB7A21", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.44:*:*:*:*:*:*:*", "matchCriteriaId": "85BE0085-3E86-4A39-8AE4-76ED06D2534B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.45:*:*:*:*:*:*:*", "matchCriteriaId": "2614B8FD-F7A5-4C70-AE1E-2255FCAB1154", "vulnerable": true }, 
{ "criteria": "cpe:2.3:a:perl:perl:1.46:*:*:*:*:*:*:*", "matchCriteriaId": "58387159-A167-4032-9F3F-B517EF2185F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.47:*:*:*:*:*:*:*", "matchCriteriaId": "CB414CE9-5EFA-45F7-BB0B-B8B3893444DE", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.48:*:*:*:*:*:*:*", "matchCriteriaId": "93FBE9FB-99AC-4800-BB1F-4F0689E0A07A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:1.49:*:*:*:*:*:*:*", "matchCriteriaId": "EFB83944-0183-4DDB-B20E-0C8A7646A07F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "80151ACD-28DC-4383-9B7E-F2B759299341", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "1C15294D-F2AC-4E81-A612-14A31510449D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "AF2EE2D3-A942-4CAE-8F14-213BB6CBD62A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "05630C5E-263A-4974-81A0-2DC178B9708C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.1.3:*:*:*:*:*:*:*", "matchCriteriaId": "4B372AF6-29BB-4DAA-B3DA-3F8AE7BBC5BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "C17CD4D0-DFE5-4C01-BEEA-891C865E18AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "6EEB7512-D7E2-4F24-B96F-4FFE9E650262", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "307F457C-4015-4857-ADB8-637BC53DEB54", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "B645F9A1-44FB-4504-BF6C-2810EE841025", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "E91B29C4-3709-473E-8F69-69D77ECEB221", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "FB3068F9-9A65-4DC4-88C2-19C8E1807CED", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "ADDA896A-8EA8-4924-A648-6001F83F8AB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "91611ED9-FFDE-42B2-8E02-5B089A34DB33", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "638055BA-CB01-404E-B9CD-D9EEB284ACE9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.2:*:*:*:*:*:*:*", "matchCriteriaId": "54F33281-2EA9-49EF-A074-E0AE93D4DC72", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "2EA4A6E5-F1A0-42E8-BB49-E06497DA582B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.4:*:*:*:*:*:*:*", "matchCriteriaId": "085763C4-D71A-47AF-B64C-829E6EC8E6D1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.5:*:*:*:*:*:*:*", "matchCriteriaId": "9805F52C-B9F4-4531-A478-C3FA03D1EA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.6.6:*:*:*:*:*:*:*", "matchCriteriaId": "1183DBED-4EF7-4942-9400-D57BC0C63773", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.0:*:*:*:*:*:*:*", "matchCriteriaId": "4FCE3D75-98D9-4D95-9EB9-F33E37CC047B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.1:*:*:*:*:*:*:*", "matchCriteriaId": "58228B5F-7FA1-42B5-BC4A-A5F6535E2C39", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.7.2:*:*:*:*:*:*:*", "matchCriteriaId": "C7D4C885-1FDB-479C-9626-B006E1C84E0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "6574874E-EE2A-43B0-9D4B-9106C46BF8AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.1:*:*:*:*:*:*:*", "matchCriteriaId": "62A4C415-6408-4A7E-A1C9-8A327B0DEA59", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "7B35E250-F525-4EF5-9DBD-D80D68E5C00E", 
"vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "79388C94-3306-4FD2-880E-56D42830B822", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E181D243-AFF0-41E3-A969-3DC67E81E8A0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "D445C68D-BFB8-4BAB-B995-FADF7CA5DF2B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "D8982A13-3F5E-4B52-932C-00BD7CEA7625", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "B0518BBC-BE6F-4949-A39B-1BE1FFA9442D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "9D5F66A1-E3C6-4D89-B3E3-AF46CC98BB00", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.0:*:*:*:*:*:*:*", "matchCriteriaId": "8090363F-1850-4095-A212-0A554EA37A3C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "26FA77D7-CE3B-4ED2-8117-E6CC1BA39B36", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "E4687A27-D41C-489D-AA95-E6999ABB696D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C03AD0EA-BFB8-480D-9B9C-6D6BD0DABDB8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "59BADDB6-D48A-4DC0-A758-902F0EBC51CA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D12770F8-8729-4712-9023-64CB2B374BCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "4A7FD104-1DE9-4A2A-AB2B-CD4AD9E70A93", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "A33D85D8-AA73-4120-9DB0-85B9E0BC14F1", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:2.10.5:*:*:*:*:*:*:*", "matchCriteriaId": "079B9B47-194A-4047-AFEB-ABAD9CA5E53E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.6:*:*:*:*:*:*:*", "matchCriteriaId": "98034760-4DF2-4D7B-92D8-02EDCF56E618", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.10.7:*:*:*:*:*:*:*", "matchCriteriaId": "7EB7B211-AFE1-4D1A-B46F-86394981D5D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "930C1B45-2ABE-42DD-8D10-B375ED796F4A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "B5811AB6-ED08-40C9-A0CD-77793A495E81", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "82185F66-9E19-4C56-8E77-5C153275A542", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "8E51FAC0-BEF4-4839-B3C0-CCC9ED015582", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "D902DF16-5F3A-485E-9409-BC47A4E46014", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "4A8FA7E4-B406-4587-86A7-F560FE64A3B9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.6:*:*:*:*:*:*:*", "matchCriteriaId": "77C35F36-AD3C-418C-ACED-486FF06EFFC0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.7:*:*:*:*:*:*:*", "matchCriteriaId": "B28DF2CD-1BEC-4F5E-AD30-7F84E58DF223", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.11.8:*:*:*:*:*:*:*", "matchCriteriaId": "3960D793-C3C8-40FC-83B2-710ED2F5D658", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DDE4919-FA8A-485B-9F0E-BD015B1D4D8F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "CC022C7A-35DD-445D-B9D3-6024CF28610E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "88D408D9-B90D-495A-BC09-E322FBE78E06", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.14.1:*:*:*:*:*:*:*", "matchCriteriaId": "C9D00E45-E017-43AB-AAF9-9B4721CD8E0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.0:*:*:*:*:*:*:*", "matchCriteriaId": "8DDB7238-FD06-4872-A736-9D988A0433E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.15.1:*:*:*:*:*:*:*", "matchCriteriaId": "676C7999-B586-40E0-83E8-EB09E3F107C6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.0:*:*:*:*:*:*:*", "matchCriteriaId": "31B80A50-5766-4ED7-9254-5CDDB74C7C04", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.16.1:*:*:*:*:*:*:*", "matchCriteriaId": "DAF88AD1-AECE-4227-AE63-EA3E279238C0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "8ED441D3-6D17-4F8E-AF0E-27D813B2C68F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.1:*:*:*:*:*:*:*", "matchCriteriaId": "22CAAB68-FD86-49DB-8DA7-F16FC3F6B878", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.17.2:*:*:*:*:*:*:*", "matchCriteriaId": "5DF19BA4-1BF5-4F1E-BE6C-318B581D1EB5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.18.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6EE9535-B8AB-4DC8-A012-405FDEF88CA3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:2.18.1:*:*:*:*:*:*:*", "matchCriteriaId": "51143CE7-A953-4174-B043-5D7AC7CD9391", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.0:*:*:*:*:*:*:*", "matchCriteriaId": "BBDE0711-1423-4E75-A902-1DA04DC8C352", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.6.1:*:*:*:*:*:*:*", "matchCriteriaId": "DD62DA82-0EB3-4ACA-ACC8-A1E63C031D94", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.0:*:*:*:*:*:*:*", "matchCriteriaId": "4932278D-A661-42D9-AA36-4233B174EF0F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "matchCriteriaId": 
"70CBBC87-F6F7-45AF-9B54-95402D03C75F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.8.10:*:*:*:*:*:*:*", "matchCriteriaId": "7B358BF3-55AC-477E-A4B5-3960C449C011", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "DF69341A-4D00-424E-AD0F-FA7515278770", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*", "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "9B84C088-F29F-4498-A390-187505361962", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "17E86767-47EB-4A39-B8E1-A4B9AB4BC20E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DB77E3D6-9F24-4C51-86E4-CD014DF0F66E", "vulnerable": true 
}, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "4D67E248-C0B8-4713-9D9A-47097885A2C7", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B32436EE-DA64-41AD-B967-26C6D4973FC2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "CF46E50D-AE29-49FD-884B-488D9EB879D4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*", "matchCriteriaId": "77B23E85-8167-4B17-8D76-BD807067BB4D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*", "matchCriteriaId": "8355C16E-16D4-4A68-BFD3-125892E3FA1D", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*", "matchCriteriaId": "85FFA753-4B14-4B52-941F-C33D41451EF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*", "matchCriteriaId": "B99FD006-688D-43BB-901A-FB9192157947", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*", "matchCriteriaId": "DBD582A1-DCCF-4D54-8177-45E861A0C263", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*", "matchCriteriaId": "E5AF4FAA-A591-43FB-A9B1-FD47EF0AC622", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*", "matchCriteriaId": "C0D13359-AC5F-40CB-B906-8E03526CE045", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "A5E92FB2-7C21-4F06-AE3F-562551A758AF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D213529E-33EF-43D1-A673-3C94191427D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "E6539E09-4DC5-4C53-AFF1-70D06BBA9E7F", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*", "matchCriteriaId": "52D8DF08-AE73-4529-B212-CA31F02A719E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*", "matchCriteriaId": "EA054FCE-FABC-4EB5-9759-F77C6F250B44", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*", "matchCriteriaId": "BB5DDFC6-4EDF-452A-B561-C9115D91FB3E", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1DBAB61-4BFB-4664-98CF-77C617F982A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "8A7580C2-44DE-48E5-AC26-A221537C95D8", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "54E04A5E-BE90-4A31-8C1D-09A91DD3E7DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "1A52ADD6-05DE-4A16-9745-D92CD5F46502", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*", "matchCriteriaId": "CFF99954-5B94-4092-83B9-7D17EEDB30A5", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "38A25AC3-1C81-4234-8B7E-0D59EA1F103B", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "93E670B7-6956-4A13-A2A8-F675C0B093FC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*", "matchCriteriaId": "23F1C64E-1446-409D-9F53-1C03724A10E1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*", "matchCriteriaId": "93813F8D-F22F-43E3-B894-BEB7FA6204F1", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*", "matchCriteriaId": "B280339A-1CED-4FBD-8B3C-A48B07FE9BAC", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*", "matchCriteriaId": "AC85766E-3A59-4711-85C9-62AC01F2A87D", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*", "matchCriteriaId": "1AC9AA38-4A25-4825-9EDD-E93353A8B195", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*", "matchCriteriaId": "388E8952-47B7-426E-AE35-0216FD60CC8C", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*", "matchCriteriaId": "105AB2DD-5E61-4369-8383-B7BF13B85444", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*", "matchCriteriaId": "FF2F4C5C-2B56-450A-813F-254019FBB854", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*", "matchCriteriaId": "226424B4-7299-4E28-BBB1-0FCC9E2602E0", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*", "matchCriteriaId": "C16C918C-A1C4-425B-9C0C-B239B3482A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*", "matchCriteriaId": "5393E265-60C1-43A6-9EFE-505A115053DF", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*", "matchCriteriaId": "1DD50D93-8395-4698-A12B-D9CAAB022BF2", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*", "matchCriteriaId": "04EE04B4-71DD-4A87-BA2D-79954AEF5DD6", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "66BF9787-C734-43DA-B8BF-FF6D6F4E802A", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "D94BF151-572F-4C50-8E47-9B8BCDD16A77", "vulnerable": true }, { "criteria": "cpe:2.3:a:perl:perl:5.14.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "5114F054-E5AF-4905-83DD-459E1D56B5DE", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent 
attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference." }, { "lang": "es", "value": "La funci\u00f3n bsd_glob en el m\u00f3dulo File::Glob para Perl antes de v5.14.2 permite a atacantes dependientes de contexto provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de una expresi\u00f3n glob con la bandera GLOB_ALTDIRFUNC, lo que desencadena una desreferencia de puntero no inicializado." } ], "id": "CVE-2011-2728", "lastModified": "2024-11-21T01:28:50.807", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-12-21T05:46:14.527", "references": [ { "source": "secalert@redhat.com", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "source": "secalert@redhat.com", "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46172" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/49858" }, { "source": "secalert@redhat.com", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "source": "secalert@redhat.com", "url": 
"https://bugzilla.redhat.com/show_bug.cgi?id=742987" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/46172" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/49858" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "NVD-CWE-Other" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cve-2022-48522
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T15:17:55.174Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2022-48522", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T14:20:55.608211Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T14:21:12.055Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Perl 5.34.0, function S_find_uninit_var in sv.c has a stack-based crash that can lead to remote code execution or local privilege escalation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-15T13:06:20.633841", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Perl/perl5/blob/79a7b254d85a10b65126ad99bf10e70480569d68/sv.c#L16336-L16345" }, { "url": "https://security.netapp.com/advisory/ntap-20230915-0008/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2022-48522", "datePublished": "2023-08-22T00:00:00", "dateReserved": "2023-07-23T00:00:00", "dateUpdated": "2024-10-03T14:21:12.055Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2939
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:15:31.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "46989", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46989" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "name": "MDVSA-2012:008", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "name": "RHSA-2011:1424", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": 
"http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "name": "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51457" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-08-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-02-17T10:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "46989", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46989" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "[oss-security] 20110818 CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST" ], 
"url": "http://www.openwall.com/lists/oss-security/2011/08/18/8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=731246" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29" }, { "name": "MDVSA-2012:008", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:008" }, { "name": "RHSA-2011:1424", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-1424.html" }, { "name": "[oss-security] 20110819 Re: CVE request: heap overflow in perl while decoding Unicode string", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/08/19/17" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51457" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2939", "datePublished": "2012-01-13T18:00:00", "dateReserved": "2011-07-27T00:00:00", "dateUpdated": "2024-08-06T23:15:31.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18311
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "RHSA-2019:0109", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", 
"x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "name": "RHSA-2019:1942", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "name": "RHSA-2019:2400", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-2/" }, { 
"name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "RHSA-2019:0109", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHBA-2019:0327", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1790", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { "name": "RHSA-2019:1942", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "name": "RHSA-2019:2400", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18311", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[debian-lts-announce] 20181130 [SECURITY] [DLA 1601-1] perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "RHSA-2019:0109", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0109" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHBA-2019:0327", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "name": "RHSA-2019:1790", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1790" }, { 
"name": "RHSA-2019:1942", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:1942" }, { "name": "RHSA-2019:2400", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2400" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "refsource": "MISC", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.28.1", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "name": "https://rt.perl.org/Ticket/Display.html?id=133204", "refsource": "CONFIRM", "url": "https://rt.perl.org/Ticket/Display.html?id=133204" }, { "name": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "name": 
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278", "refsource": "CONFIRM", "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10278" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18311", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18312
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.746Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106179", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106179" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], 
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106179", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106179" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], 
"url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18312", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106179", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106179" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.28.1", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.28.1" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646734" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=133423", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=133423" } 
] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18312", "datePublished": "2018-12-05T22:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.746Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-5195
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T20:58:03.185Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "DSA-2586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2586" }, { "name": "[oss-security] 20121026 Medium severity flaw with Perl 5", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "name": "56287", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56287" }, { "name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5", 
"tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/51457" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-10-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "DSA-2586", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2586" }, { "name": "[oss-security] 20121026 Medium severity flaw with Perl 5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "name": "56287", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56287" }, { "name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, 
{ "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "51457", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/51457" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-5195", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the \u0027x\u0027 string repeat operator." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "[perl.perl5.porters] 20121010 maint-5.12, maint-5.14, and CVE-2012-5195", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10673" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352" }, { "name": "55314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/55314" }, { "name": "USN-1643-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1643-1" }, { "name": "DSA-2586", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2586" }, { "name": "[oss-security] 20121026 Medium severity flaw with Perl 5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/26/2" }, { "name": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44" }, { "name": "56287", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56287" }, { "name": "[oss-security] 20121027 Re: Medium severity flaw with Perl 5", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/10/27/1" }, { "name": "RHSA-2013:0685", "refsource": 
"REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "51457", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/51457" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-5195", "datePublished": "2012-12-18T00:00:00", "dateReserved": "2012-09-28T00:00:00", "dateUpdated": "2024-08-06T20:58:03.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-1884
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://secunia.com/advisories/36415 | third-party-advisory, x_refsource_SECUNIA | |
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html | vendor-advisory, x_refsource_FEDORA | |
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html | vendor-advisory, x_refsource_FEDORA | |
https://bugzilla.redhat.com/show_bug.cgi?id=518278 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/36082 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/36386 | third-party-advisory, x_refsource_SECUNIA | |
http://security.gentoo.org/glsa/glsa-200908-07.xml | vendor-advisory, x_refsource_GENTOO | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/52628 | vdb-entry, x_refsource_XF | |
https://bugs.gentoo.org/show_bug.cgi?id=281955 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T05:27:54.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "36415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36415" }, { "name": "FEDORA-2009-8888", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" }, { "name": "FEDORA-2009-8868", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "name": "36082", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36082" }, { "name": "36386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/36386" }, { "name": "GLSA-200908-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "name": "compressrawbzip2-bzinflate-dos(52628)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-08-18T00:00:00", "descriptions": [ { "lang": "en", "value": "Off-by-one error in the bzinflate function in Bzip2.xs in the Compress-Raw-Bzip2 module before 2.018 for Perl allows context-dependent attackers to cause a denial of service (application hang or 
crash) via a crafted bzip2 compressed stream that triggers a buffer overflow, a related issue to CVE-2009-1391." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "36415", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36415" }, { "name": "FEDORA-2009-8888", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00999.html" }, { "name": "FEDORA-2009-8868", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-August/msg00982.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=518278" }, { "name": "36082", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36082" }, { "name": "36386", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/36386" }, { "name": "GLSA-200908-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-200908-07.xml" }, { "name": "compressrawbzip2-bzinflate-dos(52628)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/52628" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.gentoo.org/show_bug.cgi?id=281955" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-1884", "datePublished": "2009-08-19T17:00:00", "dateReserved": "2009-06-02T00:00:00", "dateUpdated": "2024-08-07T05:27:54.590Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-3626
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.vupen.com/english/advisories/2009/3023 | vdb-entry, x_refsource_VUPEN | |
http://www.openwall.com/lists/oss-security/2009/10/23/8 | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/59283 | vdb-entry, x_refsource_OSVDB | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/53939 | vdb-entry, x_refsource_XF | |
http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/ | x_refsource_MISC | |
https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225 | x_refsource_CONFIRM | |
http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973 | x_refsource_CONFIRM | |
http://secunia.com/advisories/37144 | third-party-advisory, x_refsource_SECUNIA | |
http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/36812 | vdb-entry, x_refsource_BID | |
http://securitytracker.com/id?1023077 | vdb-entry, x_refsource_SECTRACK |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T06:38:28.468Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2009-3023", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "name": "[oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "name": "59283", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/59283" }, { "name": "perl-utf8-expressions-dos(53939)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "name": "37144", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/37144" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "name": "36812", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/36812" }, { "name": "1023077", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1023077" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-10-23T00:00:00", 
"descriptions": [ { "lang": "en", "value": "Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2009-3023", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/3023" }, { "name": "[oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2009/10/23/8" }, { "name": "59283", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/59283" }, { "name": "perl-utf8-expressions-dos(53939)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53939" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973" }, { "name": "37144", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/37144" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4" }, { "name": "36812", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/36812" }, { "name": "1023077", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1023077" } ] } }, "cveMetadata": { "assignerOrgId": 
"53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2009-3626", "datePublished": "2009-10-29T14:00:00", "dateReserved": "2009-10-09T00:00:00", "dateUpdated": "2024-08-07T06:38:28.468Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-1667
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:13:31.612Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "[perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "name": "52472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52472" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "name": "52499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/52499" }, { "name": "APPLE-SA-2013-10-22-3", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "name": "58311", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/58311" }, { "name": "90892", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/90892" }, { "name": "perl-rehash-dos(82598)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { 
"name": "SSRT101274", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18771", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "name": "DSA-2641", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2641" }, { "name": "HPSBUX02928", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "name": "USN-1770-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-02-03T00:00:00", "descriptions": [ { "lang": "en", "value": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption 
and crash) via a crafted hash key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "[perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "name": "52472", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52472" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "name": "52499", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/52499" }, { "name": "APPLE-SA-2013-10-22-3", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "name": "58311", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/58311" }, { "name": "90892", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/90892" }, { "name": "perl-rehash-dos(82598)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "name": "SSRT101274", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": 
"http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18771", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "name": "DSA-2641", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2641" }, { "name": "HPSBUX02928", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "name": "USN-1770-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-1667", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "[perl.perl5.porters] 20130304 CVE-2013-1667: important rehashing flaw", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html" }, { "name": "52472", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52472" }, { "name": "MDVSA-2013:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296" }, { "name": "52499", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52499" }, { "name": "APPLE-SA-2013-10-22-3", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/d59e31f" }, { "name": "58311", "refsource": "BID", "url": "http://www.securityfocus.com/bid/58311" }, { "name": "90892", "refsource": "OSVDB", "url": "http://osvdb.org/90892" }, { "name": "perl-rehash-dos(82598)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/82598" }, { "name": "SSRT101274", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "oval:org.mitre.oval:def:18771", "refsource": "OVAL", "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/9d83adc" }, { "name": "DSA-2641", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2641" }, { "name": "HPSBUX02928", "refsource": "HP", "url": "http://marc.info/?l=bugtraq\u0026m=137891988921058\u0026w=2" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5" }, { "name": "USN-1770-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-1770-1" }, { "name": "RHSA-2013:0685", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=912276", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=912276" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-1667", "datePublished": "2013-03-12T16:00:00", "dateReserved": "2013-02-13T00:00:00", "dateUpdated": "2024-08-06T15:13:31.612Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-12015
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/104423 | vdb-entry, x_refsource_BID | |
http://www.securitytracker.com/id/1041048 | vdb-entry, x_refsource_SECTRACK | |
https://www.debian.org/security/2018/dsa-4226 | vendor-advisory, x_refsource_DEBIAN | |
https://usn.ubuntu.com/3684-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://usn.ubuntu.com/3684-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://seclists.org/bugtraq/2019/Mar/42 | mailing-list, x_refsource_BUGTRAQ | |
http://seclists.org/fulldisclosure/2019/Mar/49 | mailing-list, x_refsource_FULLDISC | |
https://access.redhat.com/errata/RHSA-2019:2097 | vendor-advisory, x_refsource_REDHAT | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20180927-0001/ | x_refsource_CONFIRM | |
https://support.apple.com/kb/HT209600 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:24:03.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "104423", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/104423" }, { "name": "1041048", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1041048" }, { "name": "DSA-4226", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "name": "USN-3684-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3684-1/" }, { "name": "USN-3684-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHSA-2019:2097", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://support.apple.com/kb/HT209600" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-06-07T00:00:00", "descriptions": [ { "lang": "en", "value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "104423", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/104423" }, { "name": "1041048", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1041048" }, { "name": "DSA-4226", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4226" }, { "name": "USN-3684-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3684-1/" }, { "name": "USN-3684-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3684-2/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHSA-2019:2097", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": 
"https://access.redhat.com/errata/RHSA-2019:2097" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT209600" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-12015", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "104423", "refsource": "BID", "url": "http://www.securityfocus.com/bid/104423" }, { "name": "1041048", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1041048" }, { "name": "DSA-4226", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4226" }, { "name": "USN-3684-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3684-1/" }, { "name": "USN-3684-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3684-2/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "RHSA-2019:2097", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:2097" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834", "refsource": "CONFIRM", "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "name": "https://security.netapp.com/advisory/ntap-20180927-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-12015", "datePublished": "2018-06-07T13:00:00", "dateReserved": "2018-06-07T00:00:00", 
"dateUpdated": "2024-08-05T08:24:03.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2201
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/48167 | vdb-entry, x_refsource_BID | |
https://rt.cpan.org/Public/Bug/Display.html?id=61792 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2011/06/13/5 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2011/06/12/3 | mailing-list, x_refsource_MLIST | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511 | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=712694 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2011/06/13/13 | mailing-list, x_refsource_MLIST | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html | vendor-advisory, x_refsource_FEDORA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:53:17.470Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "48167", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/48167" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "name": "[oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "name": "FEDORA-2011-11680", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Data::FormValidator module 4.66 and earlier for Perl, when untaint_all_constraints is 
enabled, does not properly preserve the taint attribute of data, which might allow remote attackers to bypass the taint protection mechanism via form input." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-09-14T15:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "48167", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/48167" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=61792" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/5" }, { "name": "[oss-security] 20110612 CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/12/3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=629511" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=712694" }, { "name": "[oss-security] 20110613 Re: CVE Request -- Data-FormValidator -- Reports invalid field as valid when untaint_all_constraints used", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/06/13/13" }, { "name": "FEDORA-2011-11680", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-September/065416.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2201", "datePublished": "2011-09-14T15:00:00Z", "dateReserved": 
"2011-05-31T00:00:00Z", "dateUpdated": "2024-08-06T22:53:17.470Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-4777
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html | vendor-advisory, x_refsource_SUSE | |
https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html | mailing-list, x_refsource_MLIST | |
https://bugzilla.redhat.com/show_bug.cgi?id=694166 | x_refsource_MISC | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836 | x_refsource_MISC | |
http://forums.ocsinventory-ng.org/viewtopic.php?id=7215 | x_refsource_MISC | |
https://rt.perl.org/Public/Bug/Display.html?id=76538 | x_refsource_CONFIRM | |
http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html | vendor-advisory, x_refsource_SUSE |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T03:55:35.106Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "name": "openSUSE-SU-2011:0479", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2014-02-10T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "tags": [ "x_refsource_MISC" ], "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "name": "openSUSE-SU-2011:0479", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-4777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular 
expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2011:009", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error", "refsource": "MLIST", "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694166", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836" }, { "name": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215", "refsource": "MISC", "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=76538", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538" }, { "name": "openSUSE-SU-2011:0479", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-4777", "datePublished": "2014-02-10T17:00:00", "dateReserved": "2011-03-28T00:00:00", "dateUpdated": "2024-08-07T03:55:35.106Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1246
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html | x_refsource_CONFIRM | |
https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/93337 | vdb-entry, x_refsource_BID | |
http://www.debian.org/security/2016/dsa-3684 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201701-51 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-10-03T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-51" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1246", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the DBD::mysql module before 4.037 for Perl allows context-dependent attackers to cause a denial of service (crash) via vectors related to an error message." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html", "refsource": "CONFIRM", "url": "http://blogs.perl.org/users/mike_b/2016/10/security-release---buffer-overflow-in-dbdmysql-perl-library.html" }, { "name": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2", "refsource": "CONFIRM", "url": "https://github.com/perl5-dbi/DBD-mysql/commit/7c164a0c86cec6ee95df1d141e67b0e85dfdefd2" }, { "name": "93337", "refsource": "BID", "url": "http://www.securityfocus.com/bid/93337" }, { "name": "DSA-3684", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3684" }, { "name": "GLSA-201701-51", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-51" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1246", "datePublished": "2016-10-05T16:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-4363
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.openwall.com/lists/oss-security/2011/11/30/2 | mailing-list, x_refsource_MLIST | |
http://www.securityfocus.com/bid/50868 | vdb-entry, x_refsource_BID | |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363 | x_refsource_MISC | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500 | x_refsource_MISC | |
http://secunia.com/advisories/47015 | third-party-advisory, x_refsource_SECUNIA | |
http://www.openwall.com/lists/oss-security/2011/11/30/3 | mailing-list, x_refsource_MLIST | |
http://www.osvdb.org/77428 | vdb-entry, x_refsource_OSVDB | |
https://rt.cpan.org/Public/Bug/Display.html?id=72862 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.328Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "name": "50868", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/50868" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "name": "47015", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/47015" }, { "name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "name": "77428", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/77428" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-10-07T21:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "name": "50868", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/50868" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "name": "47015", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/47015" }, { "name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "name": "77428", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/77428" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-4363", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "ProcessTable.pm in the Proc::ProcessTable module 0.45 for Perl, when TTY information caching is enabled, allows local users to overwrite arbitrary files via a symlink attack on /tmp/TTYDEVS." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "[oss-security] 20111130 CVE request: Proc::ProcessTable perl module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/2" }, { "name": "50868", "refsource": "BID", "url": "http://www.securityfocus.com/bid/50868" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4363" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500", "refsource": "MISC", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=650500" }, { "name": "47015", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/47015" }, { "name": "[oss-security] 20111130 Re: CVE request: Proc::ProcessTable perl module", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/11/30/3" }, { "name": "77428", "refsource": "OSVDB", "url": "http://www.osvdb.org/77428" }, { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=72862", "refsource": "CONFIRM", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=72862" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-4363", "datePublished": "2012-10-07T21:00:00Z", "dateReserved": "2011-11-04T00:00:00Z", "dateUpdated": "2024-09-16T22:14:01.157Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-2728
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod | x_refsource_CONFIRM | |
http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77 | x_refsource_MISC | |
https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1 | x_refsource_CONFIRM | |
http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/49858 | vdb-entry, x_refsource_BID | |
http://secunia.com/advisories/46172 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=742987 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:08:23.771Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "name": "FEDORA-2011-15484", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2012-12-21T02:00:00Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod" }, { "tags": [ "x_refsource_MISC" ], "url": "http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1" }, { "name": "FEDORA-2011-15484", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html" }, { "name": "49858", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49858" }, { "name": "46172", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46172" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=742987" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-2728", "datePublished": "2012-12-21T02:00:00Z", "dateReserved": "2011-07-11T00:00:00Z", "dateUpdated": "2024-08-06T23:08:23.771Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47100
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "tags": [ "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "In Perl before 5.38.2, S_parse_uniprop_string in regcomp.c can write to unallocated space because a property name associated with a \\p{...} regular expression construct is mishandled. The earliest affected version is 5.30.0." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-14T04:19:29.157322", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://github.com/Perl/perl5/commit/ff1f9f59360afeebd6f75ca1502f5c3ebf077da3" }, { "url": "https://github.com/Perl/perl5/commit/7047915eef37fccd93e7cd985c29fe6be54650b6" }, { "url": "https://github.com/Perl/perl5/commit/12c313ce49b36160a7ca2e9b07ad5bd92ee4a010" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-47100", "datePublished": "2023-12-02T00:00:00", "dateReserved": "2023-10-30T00:00:00", "dateUpdated": "2024-08-02T21:01:22.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-1238
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T22:48:13.656Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "GLSA-201812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201812-07" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "name": "1036440", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036440" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "name": "FEDORA-2016-6ec2009080", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "name": "FEDORA-2016-e9e5c081d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "FEDORA-2016-dd20a4631a", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "name": "92136", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/92136" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "name": "openSUSE-SU-2019:1831", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-25T00:00:00", "descriptions": [ { "lang": "en", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) 
dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2019-08-06T20:06:06", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "GLSA-201812-07", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201812-07" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "name": "1036440", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036440" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c%40%3Cannounce.apache.org%3E" }, { "name": "FEDORA-2016-6ec2009080", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "name": 
"[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "name": "FEDORA-2016-e9e5c081d4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "FEDORA-2016-dd20a4631a", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "name": "92136", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/92136" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "name": "openSUSE-SU-2019:1831", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-1238", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) 
cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "GLSA-201812-07", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201812-07" }, { "name": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab" }, { "name": "1036440", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036440" }, { "name": "DSA-3628", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "[announce] 20180916 [SECURITY] Apache SpamAssassin 3.4.2 resolves CVE-2017-15705, CVE-2016-1238, CVE-2018-11780 \u0026 CVE-2018-11781", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E" }, { "name": 
"FEDORA-2016-6ec2009080", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/" }, { "name": "[perl.perl5.porters] 20160725 CVE-2016-1238: Important unsafe module load path flaw", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html" }, { "name": "FEDORA-2016-e9e5c081d4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "FEDORA-2016-dd20a4631a", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/" }, { "name": "92136", "refsource": "BID", "url": "http://www.securityfocus.com/bid/92136" }, { "name": "[debian-lts-announce] 20181113 [SECURITY] [DLA 1578-1] spamassassin security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=127834", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=127834" }, { "name": "openSUSE-SU-2019:1831", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-1238", "datePublished": "2016-08-02T14:00:00", "dateReserved": "2015-12-27T00:00:00", "dateUpdated": "2024-08-05T22:48:13.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-6185
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T01:22:20.675Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "FEDORA-2016-eb2592245b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "FEDORA-2016-485dff6060", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "name": "1036260", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1036260" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "name": "91685", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/91685" }, { "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "name": "FEDORA-2016-742bde2be7", "tags": [ "vendor-advisory", "x_refsource_FEDORA", 
"x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-07-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-01T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "FEDORA-2016-eb2592245b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "FEDORA-2016-485dff6060", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "name": "1036260", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1036260" }, { "name": "DSA-3628", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3628" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "name": "91685", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/91685" }, { "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "name": "FEDORA-2016-742bde2be7", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2016-6185", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "FEDORA-2016-eb2592245b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/" }, { "name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "FEDORA-2016-485dff6060", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/" }, { "name": "1036260", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1036260" }, { "name": "DSA-3628", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3628" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7" }, { "name": "91685", "refsource": "BID", "url": "http://www.securityfocus.com/bid/91685" }, { "name": "[oss-security] 20160707 CVE Request: perl: XSLoader: could load shared library from incorrect location", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/07/07/1" }, { "name": "FEDORA-2016-742bde2be7", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/" }, { "name": "[oss-security] 20160708 Re: CVE Request: perl: XSLoader: could load shared library from incorrect location", "refsource": "MLIST", "url": 
"http://www.openwall.com/lists/oss-security/2016/07/08/5" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=115808", "refsource": "CONFIRM", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=115808" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2016-6185", "datePublished": "2016-08-02T14:00:00", "dateReserved": "2016-07-08T00:00:00", "dateUpdated": "2024-08-06T01:22:20.675Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-1927
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T08:41:00.168Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "name": "ADV-2008-2424", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "name": "31328", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31328" }, { "name": "FEDORA-2008-3399", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "name": "44588", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/44588" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33937" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "name": "RHSA-2008:0532", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31687" }, { "name": "perl-utf8-dos(41996)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "name": "USN-700-1", "tags": [ 
"vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "oval:org.mitre.oval:def:10579", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "29948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/29948" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "GLSA-200805-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "name": "1020253", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020253" }, { "name": "ADV-2008-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "name": "31467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31467" }, { "name": "RHSA-2008:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "name": "FEDORA-2008-3392", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33314" }, { 
"name": "ADV-2009-0422", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "name": "31604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31604" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "name": "28928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/28928" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "30624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30624" }, { "name": "30025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30025" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "30326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30326" }, { "name": "MDVSA-2008:100", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "name": "DSA-1556", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1556" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": 
"http://secunia.com/advisories/31208" }, { "name": "ADV-2008-2265", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2008/2265/references" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2007-12-07T00:00:00", "descriptions": [ { "lang": "en", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "name": "ADV-2008-2424", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "name": "31328", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31328" }, { "name": "FEDORA-2008-3399", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "name": "44588", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/44588" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "33937", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": 
"http://secunia.com/advisories/33937" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "name": "RHSA-2008:0532", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31687" }, { "name": "perl-utf8-dos(41996)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "oval:org.mitre.oval:def:10579", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT3438" }, { "name": "29948", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/29948" }, { "name": "APPLE-SA-2009-02-12", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "GLSA-200805-17", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "name": "1020253", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020253" }, { "name": "ADV-2008-2361", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "name": "31467", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31467" }, { "name": "RHSA-2008:0522", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "name": "FEDORA-2008-3392", 
"tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33314" }, { "name": "ADV-2009-0422", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "name": "31604", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31604" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "name": "28928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/28928" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "30624", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30624" }, { "name": "30025", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30025" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "30326", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30326" }, { "name": "MDVSA-2008:100", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "name": "DSA-1556", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1556" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31208" }, { "name": "ADV-2008-2265", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2008/2265/references" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-1927", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-317.htm" }, { "name": "ADV-2008-2424", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2424" }, { "name": "31328", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31328" }, { "name": "FEDORA-2008-3399", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00607.html" }, { "name": "44588", "refsource": "OSVDB", "url": "http://osvdb.org/44588" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "33937", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33937" }, { "name": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156", "refsource": "MISC", "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=48156" }, { "name": "RHSA-2008:0532", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0532.html" }, { "name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687" }, { "name": "perl-utf8-dos(41996)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41996" }, { "name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "oval:org.mitre.oval:def:10579", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10579" }, { "name": "http://support.apple.com/kb/HT3438", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT3438" }, { "name": 
"29948", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29948" }, { "name": "APPLE-SA-2009-02-12", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html" }, { "name": "GLSA-200805-17", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200805-17.xml" }, { "name": "1020253", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1020253" }, { "name": "ADV-2008-2361", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2361" }, { "name": "31467", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31467" }, { "name": "RHSA-2008:0522", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2008-0522.html" }, { "name": "FEDORA-2008-3392", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00601.html" }, { "name": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2008-361.htm" }, { "name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314" }, { "name": "ADV-2009-0422", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0422" }, { "name": "31604", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31604" }, { "name": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2008-0013.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=454792" }, { "name": "28928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/28928" }, { "name": "20090120 rPSA-2009-0011-1 perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "30624", "refsource": "SECUNIA", "url": 
"http://secunia.com/advisories/30624" }, { "name": "30025", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30025" }, { "name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "30326", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30326" }, { "name": "MDVSA-2008:100", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:100" }, { "name": "DSA-1556", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1556" }, { "name": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41", "refsource": "CONFIRM", "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "name": "31208", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31208" }, { "name": "ADV-2008-2265", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/2265/references" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-1927", "datePublished": "2008-04-23T17:00:00", "dateReserved": "2008-04-23T00:00:00", "dateUpdated": "2024-08-07T08:41:00.168Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5302
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.540Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32980" }, { "name": "perl-filepath-symlink(47043)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "name": "oval:org.mitre.oval:def:6890", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { 
"tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33314" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "oval:org.mitre.oval:def:11076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 and 2.07 
(lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32980" }, { "name": "perl-filepath-symlink(47043)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "name": "oval:org.mitre.oval:def:6890", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "SUSE-SR:2009:004", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33314" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "oval:org.mitre.oval:def:11076", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5302", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } 
} ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32980" }, { "name": "perl-filepath-symlink(47043)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47043" }, { "name": "oval:org.mitre.oval:def:6890", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6890" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": 
"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "SUSE-SR:2009:004", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314" }, { "name": "20090120 rPSA-2009-0011-1 perl", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "oval:org.mitre.oval:def:11076", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11076" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", "refsource": "MISC", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5302", "datePublished": "2008-12-01T17:00:00", "dateReserved": 
"2008-12-01T00:00:00", "dateUpdated": "2024-08-07T10:49:12.540Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6797
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securitytracker.com/id/1042004 | vdb-entry, x_refsource_SECTRACK | |
https://access.redhat.com/errata/RHSA-2018:1192 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1040681 | vdb-entry, x_refsource_SECTRACK | |
https://usn.ubuntu.com/3625-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4172 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201909-01 | vendor-advisory, x_refsource_GENTOO | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://rt.perl.org/Public/Bug/Display.html?id=132227 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:10:11.385Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "1042004", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "1042004", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6797", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "1042004", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042004" }, { "name": "RHSA-2018:1192", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=132227", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=132227" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6797", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-08-05T06:10:11.385Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31486
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-11-29T12:04:38.466Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "tags": [ "x_transferred" ], "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" }, { "tags": [ "x_transferred" ], "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "tags": [ "x_transferred" ], "url": "https://github.com/chansen/p5-http-tiny/pull/153" }, { "url": "https://security.netapp.com/advisory/ntap-20241129-0011/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ 
{ "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where users must opt in to verify certificates." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-20T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "url": "https://www.reddit.com/r/perl/comments/111tadi/psa_httptiny_disabled_ssl_verification_by_default/" }, { "url": "https://hackeriet.github.io/cpan-http-tiny-overview/" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "url": "https://www.openwall.com/lists/oss-security/2023/05/03/4" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "url": "https://github.com/chansen/p5-http-tiny/pull/153" } ] } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31486", "datePublished": "2023-04-28T00:00:00", "dateReserved": "2023-04-28T00:00:00", "dateUpdated": "2024-11-29T12:04:38.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10878
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:14:15.674Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:20:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10878", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202006-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "name": "https://security.netapp.com/advisory/ntap-20200611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "name": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "name": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": 
"https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10878", "datePublished": "2020-06-05T13:27:22", "dateReserved": "2020-03-23T00:00:00", "dateUpdated": "2024-08-04T11:14:15.674Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2016-2381
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T23:24:49.270Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "DSA-3501", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "name": "[porters] 20160301 CVE-2016-2381: duplicate environment variables", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "83802", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/83802" }, { "name": "openSUSE-SU-2016:0881", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ 
"x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-03-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:53", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "DSA-3501", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2016/dsa-3501" }, { "name": "[porters] 20160301 CVE-2016-2381: duplicate environment variables", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "83802", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/83802" }, { "name": "openSUSE-SU-2016:0881", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, 
{ "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-2381", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "DSA-3501", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2016/dsa-3501" }, { "name": "[porters] 20160301 CVE-2016-2381: duplicate environment variables", "refsource": "MLIST", "url": "http://www.gossamer-threads.com/lists/perl/porters/326387" }, { "name": "USN-2916-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "83802", "refsource": "BID", "url": "http://www.securityfocus.com/bid/83802" }, { "name": "openSUSE-SU-2016:0881", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": 
"http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-2381", "datePublished": "2016-04-08T15:00:00", "dateReserved": "2016-02-13T00:00:00", "dateUpdated": "2024-08-05T23:24:49.270Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18313
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.173Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ 
"x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ 
"x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT209600" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18313", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "USN-3834-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-2/" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "BUGTRAQ", "url": "https://seclists.org/bugtraq/2019/Mar/42" }, { "name": "20190326 APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2019/Mar/49" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://support.apple.com/kb/HT209600", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT209600" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", 
"refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "name": "https://rt.perl.org/Ticket/Display.html?id=133192", "refsource": "CONFIRM", "url": "https://rt.perl.org/Ticket/Display.html?id=133192" }, { "name": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18313", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.173Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8853
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:29:22.074Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "86707", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/86707" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "FEDORA-2016-5a9313e4b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-01-07T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-05-01T09:57:01", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "name": "GLSA-201701-75", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "tags": 
[ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "86707", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/86707" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "FEDORA-2016-5a9313e4b4", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2015-8853", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by \"a\\x80.\"" } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": 
"GLSA-201701-75", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201701-75" }, { "name": "[oss-security] 20160420 Re: CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/7" }, { "name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "[oss-security] 20160420 CVE Request: perl: denial-of-service / Regexp-matching \"hangs\" indefinitely on illegal input using binmode :utf8 using 100%CPU", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/04/20/5" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=123562", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=123562" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html" }, { "name": "86707", "refsource": "BID", "url": "http://www.securityfocus.com/bid/86707" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329106" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commitdiff/22b433eff9a1ffa2454e18405a56650f07b385b5" }, { "name": "USN-3625-1", 
"refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "FEDORA-2016-5a9313e4b4", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183592.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2015-8853", "datePublished": "2016-05-25T15:00:00", "dateReserved": "2016-04-20T00:00:00", "dateUpdated": "2024-08-06T08:29:22.074Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2009-0663
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T04:40:05.324Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2009:1067", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "name": "libdbdpgperl-unspecified-bo(50467)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "name": "34755", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/34755" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "name": "34909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/34909" }, { "name": "RHSA-2009:0479", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35685" }, { "name": "oval:org.mitre.oval:def:9499", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "name": "DSA-1780", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2009/dsa-1780" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35058", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/35058" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2009-04-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2009:1067", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "name": "libdbdpgperl-unspecified-bo(50467)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "name": "34755", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/34755" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "tags": [ "x_refsource_MISC" ], "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "name": "34909", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/34909" }, { "name": "RHSA-2009:0479", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "name": "35685", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35685" }, { "name": "oval:org.mitre.oval:def:9499", "tags": [ "vdb-entry", 
"signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "name": "DSA-1780", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2009/dsa-1780" }, { "name": "SUSE-SR:2009:012", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35058", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/35058" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0663", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module 1.49 for Perl might allow context-dependent attackers to execute arbitrary code via unspecified input to an application that uses the getline and pg_getline functions to read database rows." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2009:1067", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-1067.html" }, { "name": "libdbdpgperl-unspecified-bo(50467)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50467" }, { "name": "34755", "refsource": "BID", "url": "http://www.securityfocus.com/bid/34755" }, { "name": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz", "refsource": "CONFIRM", "url": "http://security.debian.org/pool/updates/main/libd/libdbd-pg-perl/libdbd-pg-perl_1.49-2+etch1.diff.gz" }, { "name": "https://launchpad.net/bugs/cve/2009-0663", "refsource": "MISC", "url": "https://launchpad.net/bugs/cve/2009-0663" }, { "name": "34909", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/34909" }, { "name": "RHSA-2009:0479", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2009-0479.html" }, { "name": "35685", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35685" }, { "name": "oval:org.mitre.oval:def:9499", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9499" }, { "name": "DSA-1780", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1780" }, { "name": "SUSE-SR:2009:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00002.html" }, { "name": "35058", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35058" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0663", "datePublished": "2009-04-30T20:00:00", "dateReserved": "2009-02-22T00:00:00", "dateUpdated": "2024-08-07T04:40:05.324Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2005-3962
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T23:31:48.716Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "oval:org.mitre.oval:def:1074", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "name": "VU#948385", "tags": [ "third-party-advisory", "x_refsource_CERT-VN", "x_transferred" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "name": "22255", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/22255" }, { "name": "17941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17941" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, { "name": "HPSBTU02125", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "name": "ADV-2005-2688", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "name": "21345", "tags": [ "vdb-entry", 
"x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/21345" }, { "name": "15629", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/15629" }, { "name": "RHSA-2005:881", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "oval:org.mitre.oval:def:10598", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "name": "DSA-943", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2006/dsa-943" }, { "name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD", "x_transferred" ], "url": "http://www.openbsd.org/errata37.html#perl" }, { "name": "17993", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17993" }, { "name": "18075", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18075" }, { "name": "FLSA-2006:176731", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" }, { "name": "CLSA-2006:1056", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA", "x_transferred" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "name": "OpenPKG-SA-2005.025", "tags": [ "vendor-advisory", "x_refsource_OPENPKG", "x_transferred" ], "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { "name": "SSRT061105", "tags": [ "vendor-advisory", "x_refsource_HP", "x_transferred" ], "url": 
"http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "ADV-2006-0771", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "name": "20060101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI", "x_transferred" ], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "name": "20894", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/20894" }, { "name": "USN-222-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/222-1/" }, { "name": "ADV-2006-2613", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "name": "18413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18413" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/23155" }, { "name": "17762", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17762" }, { "name": "18187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18187" }, { "name": "TSLSA-2005-0070", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX", "x_transferred" ], "url": "http://www.trustix.org/errata/2005/0070" }, { "name": "18517", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18517" }, { "name": "18295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18295" }, { "name": "SUSE-SA:2005:071", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": 
"http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "name": "18183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/18183" }, { "name": "RHSA-2005:880", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "102192", "tags": [ "vendor-advisory", "x_refsource_SUNALERT", "x_transferred" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "name": "17952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17952" }, { "name": "MDKSA-2005:225", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "name": "GLSA-200512-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31208" }, { "name": "17802", "tags": [ "third-party-advisory", 
"x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17802" }, { "name": "SUSE-SR:2005:029", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "name": "19041", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/19041" }, { "name": "17844", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/17844" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2005-12-01T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-19T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "ADV-2006-4750", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/4750" }, { "name": "oval:org.mitre.oval:def:1074", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074" }, { "name": "VU#948385", "tags": [ "third-party-advisory", "x_refsource_CERT-VN" ], "url": "http://www.kb.cert.org/vuls/id/948385" }, { "name": "22255", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/22255" }, { "name": "17941", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17941" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/418333/100/0/threaded" }, { "name": "HPSBTU02125", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "20051201 Perl format string integer wrap vulnerability", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://marc.info/?l=full-disclosure\u0026m=113342788118630\u0026w=2" }, { "name": "ADV-2005-2688", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2005/2688" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.dyadsecurity.com/perl-0002.html" }, { "name": "21345", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/21345" }, { "name": "15629", "tags": [ "vdb-entry", "x_refsource_BID" ], 
"url": "http://www.securityfocus.com/bid/15629" }, { "name": "RHSA-2005:881", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-881.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://docs.info.apple.com/article.html?artnum=304829" }, { "name": "oval:org.mitre.oval:def:10598", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598" }, { "name": "DSA-943", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2006/dsa-943" }, { "name": "[3.7] 20060105 007: SECURITY FIX: January 5, 2006", "tags": [ "vendor-advisory", "x_refsource_OPENBSD" ], "url": "http://www.openbsd.org/errata37.html#perl" }, { "name": "17993", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17993" }, { "name": "18075", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18075" }, { "name": "FLSA-2006:176731", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html" }, { "name": "CLSA-2006:1056", "tags": [ "vendor-advisory", "x_refsource_CONECTIVA" ], "url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=001056" }, { "name": "OpenPKG-SA-2005.025", "tags": [ "vendor-advisory", "x_refsource_OPENPKG" ], "url": "http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html" }, { "name": "SSRT061105", "tags": [ "vendor-advisory", "x_refsource_HP" ], "url": "http://www.securityfocus.com/archive/1/438726/100/0/threaded" }, { "name": "ADV-2006-0771", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/0771" }, { "name": "20060101-01-U", "tags": [ "vendor-advisory", "x_refsource_SGI" ], "url": 
"ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U" }, { "name": "20894", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/20894" }, { "name": "USN-222-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/222-1/" }, { "name": "ADV-2006-2613", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2006/2613" }, { "name": "18413", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18413" }, { "name": "23155", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/23155" }, { "name": "17762", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17762" }, { "name": "18187", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18187" }, { "name": "TSLSA-2005-0070", "tags": [ "vendor-advisory", "x_refsource_TRUSTIX" ], "url": "http://www.trustix.org/errata/2005/0070" }, { "name": "18517", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18517" }, { "name": "18295", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18295" }, { "name": "SUSE-SA:2005:071", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_71_perl.html" }, { "name": "18183", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/18183" }, { "name": "RHSA-2005:880", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2005-880.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch" }, { "name": "APPLE-SA-2006-11-28", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": 
"http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html" }, { "name": "TA06-333A", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html" }, { "name": "102192", "tags": [ "vendor-advisory", "x_refsource_SUNALERT" ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1" }, { "name": "17952", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17952" }, { "name": "MDKSA-2005:225", "tags": [ "vendor-advisory", "x_refsource_MANDRAKE" ], "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:225" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.ipcop.org/index.php?name=News\u0026file=article\u0026sid=41" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch" }, { "name": "GLSA-200512-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml" }, { "name": "31208", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31208" }, { "name": "17802", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17802" }, { "name": "SUSE-SR:2005:029", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://www.novell.com/linux/security/advisories/2005_29_sr.html" }, { "name": "19041", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/19041" }, { "name": "17844", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/17844" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-3962", "datePublished": "2005-12-01T17:00:00", "dateReserved": "2005-12-01T00:00:00", "dateUpdated": "2024-08-07T23:31:48.716Z", "state": "PUBLISHED" }, 
"dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6913
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://usn.ubuntu.com/3625-2/ | vendor-advisory, x_refsource_UBUNTU | |
http://www.securityfocus.com/bid/103953 | vdb-entry, x_refsource_BID | |
https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html | mailing-list, x_refsource_MLIST | |
http://www.securitytracker.com/id/1040681 | vdb-entry, x_refsource_SECTRACK | |
https://usn.ubuntu.com/3625-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4172 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201909-01 | vendor-advisory, x_refsource_GENTOO | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://rt.perl.org/Public/Bug/Display.html?id=131844 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:17:17.123Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "103953", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/103953" }, { "name": "[debian-lts-announce] 20180414 [SECURITY] [DLA 1345-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "USN-3625-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "103953", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/103953" }, { "name": "[debian-lts-announce] 20180414 [SECURITY] [DLA 1345-1] perl security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6913", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary 
code via a large item count." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "USN-3625-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-2/" }, { "name": "103953", "refsource": "BID", "url": "http://www.securityfocus.com/bid/103953" }, { "name": "[debian-lts-announce] 20180414 [SECURITY] [DLA 1345-1] perl security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/04/msg00009.html" }, { "name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131844", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131844" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6913", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-11T00:00:00", "dateUpdated": "2024-08-05T06:17:17.123Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2015-8608
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html | x_refsource_CONFIRM | |
https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html | x_refsource_MISC | |
https://rt.perl.org/Public/Bug/Display.html?id=126755 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T08:20:43.688Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-04-11T00:00:00", "descriptions": [ { "lang": "en", "value": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:52", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-8608", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html" }, { "name": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html", "refsource": "MISC", "url": "https://packetstormsecurity.com/files/136649/Perl-5.22-VDir-MapPathA-W-Out-Of-Bounds-Reads-Buffer-Over-Reads.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=126755", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=126755" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-8608", "datePublished": "2017-02-07T15:00:00", "dateReserved": "2015-12-17T00:00:00", "dateUpdated": "2024-08-06T08:20:43.688Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1168
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.670Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "MDVSA-2010:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "name": "42402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/42402" }, { "name": "oval:org.mitre.oval:def:9807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "name": "1024062", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1024062" }, { "name": "RHSA-2010:0457", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "name": "oval:org.mitre.oval:def:7424", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "name": "40049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40049" }, { "name": "ADV-2010-3075", "tags": [ "vdb-entry", "x_refsource_VUPEN", 
"x_transferred" ], "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "[oss-security] 20100520 CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-05-20T00:00:00", "descriptions": [ { "lang": "en", "value": "The Safe (aka Safe.pm) module before 2.25 for Perl allows context-dependent attackers to bypass intended (1) Safe::reval and (2) Safe::rdo access restrictions, and inject and execute arbitrary code, via vectors involving implicitly called methods and implicitly blessed objects, as demonstrated by the (a) DESTROY and (b) AUTOLOAD methods, related to \"automagic methods.\"" } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": 
"MDVSA-2010:115", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:115" }, { "name": "42402", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/42402" }, { "name": "oval:org.mitre.oval:def:9807", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9807" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/RGARCIA/Safe-2.27/Changes" }, { "name": "1024062", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1024062" }, { "name": "RHSA-2010:0457", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0457.html" }, { "name": "oval:org.mitre.oval:def:7424", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7424" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=576508" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.perl.org/users/rafael_garcia-suarez/2010/03/new-safepm-fixes-security-hole.html" }, { "name": "40049", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40049" }, { "name": "ADV-2010-3075", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2010/3075" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "[oss-security] 20100520 
CVE-2010-1974 reject request (dupe of CVE-2010-1168) and CVE-2010-1447 description modification request", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/05/20/5" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://blogs.sun.com/security/entry/cve_2010_1168_vulnerability_in" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1168", "datePublished": "2010-06-21T16:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:06.670Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-1151
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:45:27.524Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "name": "MDVSA-2012:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "name": "dbdpg-pgwarn-format-string(73854)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "name": "48307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48307" }, { "name": "RHSA-2012:1116", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "name": "[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "name": "48319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48319" }, { "name": "dbdpg-dbdstprepare-format-string(73855)", 
"tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "name": "GLSA-201204-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "name": "DSA-2431", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2431" }, { "name": "48824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48824" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-02-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "[oss-security] 20120309 Re: CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/10/4" }, { "name": "MDVSA-2012:112", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:112" }, { "name": "dbdpg-pgwarn-format-string(73854)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/73854" }, { "name": "48307", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48307" }, { "name": "RHSA-2012:1116", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-1116.html" }, { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661536" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://cpansearch.perl.org/src/TURNSTEP/DBD-Pg-2.19.1/Changes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=801733" }, { "name": "[oss-security] 20120309 CVE Request -- libdbd-pg-perl / perl-DBD-Pg \u0026\u0026 libyaml-libyaml-perl / perl-YAML-LibYAML: Multiple format string flaws", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/03/09/6" }, { "name": "48319", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48319" }, { "name": "dbdpg-dbdstprepare-format-string(73855)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": 
"https://exchange.xforce.ibmcloud.com/vulnerabilities/73855" }, { "name": "GLSA-201204-08", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "http://security.gentoo.org/glsa/glsa-201204-08.xml" }, { "name": "DSA-2431", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2431" }, { "name": "48824", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48824" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=75642" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-1151", "datePublished": "2012-09-09T21:00:00", "dateReserved": "2012-02-14T00:00:00", "dateUpdated": "2024-08-06T18:45:27.524Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12883
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.debian.org/security/2017/dsa-3982 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/100852 | vdb-entry, x_refsource_BID | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | x_refsource_CONFIRM | |
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20180426-0001/ | x_refsource_CONFIRM | |
http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1492093 | x_refsource_CONFIRM | |
https://rt.perl.org/Public/Bug/Display.html?id=131598 | x_refsource_CONFIRM | |
https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100852", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100852" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) 
via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100852", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100852" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12883", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Buffer overflow in the 
S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid \u0027\\N{U+...}\u0027 escape." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3982", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100852", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100852" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "name": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch", "refsource": "CONFIRM", "url": "http://mirror.cucumberlinux.com/cucumber/cucumber-1.0/source/lang-base/perl/patches/CVE-2017-12883.patch" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492093" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131598", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131598" }, { "name": "https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1", "refsource": "CONFIRM", "url": 
"https://perl5.git.perl.org/perl.git/commitdiff/2be4edede4ae226e2eebd4eff28cedd2041f300f#patch1" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12883", "datePublished": "2017-09-19T18:00:00", "dateReserved": "2017-08-16T00:00:00", "dateUpdated": "2024-08-05T18:51:06.922Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-1999-1386
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.redhat.com/support/errata/rh50-errata-general.html#perl | x_refsource_CONFIRM | |
http://marc.info/?l=bugtraq&m=88932165406213&w=2 | mailing-list, x_refsource_BUGTRAQ | |
http://www.iss.net/security_center/static/7243.php | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T17:11:02.970Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "name": "perl-e-tmp-symlink(7243)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "http://www.iss.net/security_center/static/7243.php" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "1998-03-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2002-02-20T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "name": "perl-e-tmp-symlink(7243)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "http://www.iss.net/security_center/static/7243.php" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-1999-1386", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl", "refsource": "CONFIRM", "url": "http://www.redhat.com/support/errata/rh50-errata-general.html#perl" }, { "name": "19980308 another /tmp race: `perl -e\u0027 opens temp file not safely", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq\u0026m=88932165406213\u0026w=2" }, { "name": "perl-e-tmp-symlink(7243)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/7243.php" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-1999-1386", "datePublished": "2002-03-09T05:00:00", "dateReserved": "2001-08-31T00:00:00", "dateUpdated": "2024-08-01T17:11:02.970Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-36770
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://metacpan.org/dist/Encode/changes | x_refsource_CONFIRM | |
https://security-tracker.debian.org/tracker/CVE-2021-36770 | x_refsource_MISC | |
https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74 | x_refsource_CONFIRM | |
https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9 | x_refsource_CONFIRM | |
https://news.cpanel.com/unscheduled-tsr-10-august-2021/ | x_refsource_CONFIRM | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/ | vendor-advisory, x_refsource_FEDORA | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/ | vendor-advisory, x_refsource_FEDORA | |
https://security.netapp.com/advisory/ntap-20210909-0003/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T01:01:59.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "name": "FEDORA-2021-92e07de1dd", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "name": "FEDORA-2021-44c65203cc", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Encode.pm, as distributed in Perl through 5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). 
This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2021-09-09T08:06:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/dist/Encode/changes" }, { "tags": [ "x_refsource_MISC" ], "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "name": "FEDORA-2021-92e07de1dd", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "name": "FEDORA-2021-44c65203cc", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2021-36770", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Encode.pm, as distributed in Perl through 
5.34.0, allows local users to gain privileges via a Trojan horse Encode::ConfigLocal library (in the current working directory) that preempts dynamic module loading. Exploitation requires an unusual configuration, and certain 2021 versions of Encode.pm (3.05 through 3.11). This issue occurs because the || operator evaluates @INC in a scalar context, and thus @INC has only an integer value." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://metacpan.org/dist/Encode/changes", "refsource": "CONFIRM", "url": "https://metacpan.org/dist/Encode/changes" }, { "name": "https://security-tracker.debian.org/tracker/CVE-2021-36770", "refsource": "MISC", "url": "https://security-tracker.debian.org/tracker/CVE-2021-36770" }, { "name": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74", "refsource": "CONFIRM", "url": "https://github.com/dankogai/p5-encode/commit/527e482dc70b035d0df4f8c77a00d81f8d775c74" }, { "name": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/c1a937fef07c061600a0078f4cb53fe9c2136bb9" }, { "name": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/", "refsource": "CONFIRM", "url": "https://news.cpanel.com/unscheduled-tsr-10-august-2021/" }, { "name": "FEDORA-2021-92e07de1dd", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6KOZYD7BH2DNIAEZ2ZL4PJ4QUVQI6Y33/" }, { "name": "FEDORA-2021-44c65203cc", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5NDGQSGMEZ75FJGBKNYC75OTO7TF7XHB/" }, { "name": "https://security.netapp.com/advisory/ntap-20210909-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210909-0003/" } ] } } } }, 
"cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2021-36770", "datePublished": "2021-08-11T22:49:04", "dateReserved": "2021-07-17T00:00:00", "dateUpdated": "2024-08-04T01:01:59.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-1487
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:28:41.416Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "FEDORA-2011-4610", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "name": "44168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/44168" }, { "name": "43921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43921" }, { "name": "DSA-2265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2011/dsa-2265" }, { "name": "FEDORA-2011-4631", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "name": "47124", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47124" }, { "name": "[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" 
], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "name": "MDVSA-2011:091", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "name": "perl-laundering-security-bypass(66528)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" }, { "name": "[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-04-01T00:00:00", "descriptions": [ { "lang": "en", "value": "The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-16T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692844" }, { "name": "SUSE-SR:2011:009", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html" }, { "name": "FEDORA-2011-4610", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html" }, { "name": "44168", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/44168" }, { "name": "43921", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43921" }, { "name": "DSA-2265", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2011/dsa-2265" }, { "name": "FEDORA-2011-4631", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336" }, { "name": "47124", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47124" }, { "name": "[oss-security] 20110404 Re: CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/04/35" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=692898" }, { "name": "MDVSA-2011:091", "tags": [ "vendor-advisory", 
"x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2011:091" }, { "name": "perl-laundering-security-bypass(66528)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/66528" }, { "name": "[oss-security] 20110401 CVE Request -- perl -- lc(), uc() routines are laundering tainted data", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2011/04/01/3" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-1487", "datePublished": "2011-04-11T18:00:00", "dateReserved": "2011-03-21T00:00:00", "dateUpdated": "2024-08-06T22:28:41.416Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2013-7422
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html | vendor-advisory, x_refsource_APPLE | |
http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06 | x_refsource_CONFIRM | |
https://security.gentoo.org/glsa/201507-11 | vendor-advisory, x_refsource_GENTOO | |
http://www.ubuntu.com/usn/USN-2916-1 | vendor-advisory, x_refsource_UBUNTU | |
https://support.apple.com/kb/HT205031 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/75704 | vdb-entry, x_refsource_BID |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:16.951Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "name": "GLSA-201507-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201507-11" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "75704", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/75704" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2013-10-17T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-20T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "name": "GLSA-201507-11", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201507-11" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "75704", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/75704" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2013-7422", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "name": "GLSA-201507-11", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201507-11" }, { "name": "USN-2916-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031" }, { "name": "75704", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75704" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2013-7422", "datePublished": "2015-08-16T23:00:00", "dateReserved": "2015-01-27T00:00:00", "dateUpdated": "2024-08-06T18:09:16.951Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-3599
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/49928 | vdb-entry, x_refsource_BID | |
http://www.openwall.com/lists/oss-security/2011/10/05/9 | mailing-list, x_refsource_MLIST | |
http://osvdb.org/76025 | vdb-entry, x_refsource_OSVDB | |
https://rt.cpan.org/Public/Bug/Display.html?id=71421 | x_refsource_MISC | |
https://bugzilla.redhat.com/show_bug.cgi?id=743567 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2011/10/05/5 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/46275 | third-party-advisory, x_refsource_SECUNIA |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T23:37:48.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "49928", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/49928" }, { "name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "name": "76025", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://osvdb.org/76025" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "name": "46275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/46275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-10-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2011-10-19T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "49928", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/49928" }, { "name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "name": "76025", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://osvdb.org/76025" }, { "tags": [ "x_refsource_MISC" ], "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "name": "46275", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/46275" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2011-3599", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to 
spoof a signature, or determine the signing key of a signed message, via a brute-force attack." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "49928", "refsource": "BID", "url": "http://www.securityfocus.com/bid/49928" }, { "name": "[oss-security] 20111005 Re: CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/10/05/9" }, { "name": "76025", "refsource": "OSVDB", "url": "http://osvdb.org/76025" }, { "name": "https://rt.cpan.org/Public/Bug/Display.html?id=71421", "refsource": "MISC", "url": "https://rt.cpan.org/Public/Bug/Display.html?id=71421" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=743567", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=743567" }, { "name": "[oss-security] 20111005 CVE Request -- perl-Crypt-DSA -- Cryptographically insecure method used for random numbers generation on systems without /dev/random", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2011/10/05/5" }, { "name": "46275", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/46275" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3599", "datePublished": "2011-10-10T10:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-18314
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T11:08:21.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "tags": [ "x_refsource_CONFIRM", 
"x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-11-29T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-4347", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Ticket/Display.html?id=131649" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-18314", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-4347", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4347" }, { "name": "106145", "refsource": "BID", "url": "http://www.securityfocus.com/bid/106145" }, { "name": "1042181", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1042181" }, { "name": "RHSA-2019:0010", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0010" }, { "name": "FEDORA-2018-9dbe983805", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RWQGEB543QN7SSBRKYJM6PSOC3RLYGSM/" }, { "name": "RHSA-2019:0001", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2019:0001" }, { "name": "USN-3834-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3834-1/" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://security.netapp.com/advisory/ntap-20190221-0003/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "name": "https://metacpan.org/changes/release/SHAY/perl-5.26.3", "refsource": "CONFIRM", "url": "https://metacpan.org/changes/release/SHAY/perl-5.26.3" }, { "name": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "name": "https://rt.perl.org/Ticket/Display.html?id=131649", "refsource": "CONFIRM", "url": 
"https://rt.perl.org/Ticket/Display.html?id=131649" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-18314", "datePublished": "2018-12-07T21:00:00", "dateReserved": "2018-10-14T00:00:00", "dateUpdated": "2024-08-05T11:08:21.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-31484
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:cpanpm_project:cpanpm:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "cpanpm", "vendor": "cpanpm_project", "versions": [ { "lessThan": "2.35", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, { "other": { "content": { "id": "CVE-2023-31484", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-12T15:22:37.772694Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-295", "description": "CWE-295 Improper Certificate Validation", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-12T15:24:40.047Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T14:53:30.804Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "tags": [ "x_transferred" ], "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "tags": [ "x_transferred" ], "url": "https://github.com/andk/cpanpm/pull/175" }, { "tags": [ "x_transferred" ], "url": "https://metacpan.org/dist/CPAN/changes" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], 
"url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "name": "FEDORA-2023-1e5af38524", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "name": "FEDORA-2023-46924e402a", "tags": [ "vendor-advisory", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-21T19:08:14.922685", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://blog.hackeriet.no/perl-http-tiny-insecure-tls-default-affects-cpan-modules/" }, { "url": "https://www.openwall.com/lists/oss-security/2023/04/18/14" }, { "url": "https://github.com/andk/cpanpm/pull/175" }, { "url": "https://metacpan.org/dist/CPAN/changes" }, { "name": "[oss-security] 20230429 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/04/29/1" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/3" }, { "name": "[oss-security] 20230503 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/03/5" }, { "name": "[oss-security] 20230507 Re: Perl\u0027s HTTP::Tiny has insecure TLS cert default, affecting CPAN.pm and other modules", "tags": [ "mailing-list" ], "url": "http://www.openwall.com/lists/oss-security/2023/05/07/2" }, { "name": "FEDORA-2023-1e5af38524", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BM6UW55CNFUTNGD5ZRKGUKKKFDJGMFHL/" }, { "name": "FEDORA-2023-46924e402a", "tags": [ "vendor-advisory" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LEGCEOKFJVBJ2QQ6S2H4NAEWTUERC7SB/" }, { "url": "https://security.netapp.com/advisory/ntap-20240621-0007/" } ] } }, "cveMetadata": { "assignerOrgId": 
"8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-31484", "datePublished": "2023-04-28T00:00:00", "dateReserved": "2023-04-28T00:00:00", "dateUpdated": "2024-08-02T14:53:30.804Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-2827
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html | vendor-advisory, x_refsource_SUSE | |
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html | vendor-advisory, x_refsource_FEDORA | |
http://www.securityfocus.com/bid/29902 | vdb-entry, x_refsource_BID | |
http://www.mandriva.com/security/advisories?name=MDVSA-2008:165 | vendor-advisory, x_refsource_MANDRIVA | |
http://rt.cpan.org/Public/Bug/Display.html?id=36982 | x_refsource_MISC | |
http://secunia.com/advisories/31687 | third-party-advisory, x_refsource_SECUNIA | |
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319 | x_refsource_CONFIRM | |
http://www.securitytracker.com/id?1020373 | vdb-entry, x_refsource_SECTRACK | |
http://secunia.com/advisories/30790 | third-party-advisory, x_refsource_SECUNIA | |
http://secunia.com/advisories/30837 | third-party-advisory, x_refsource_SECUNIA | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/43308 | vdb-entry, x_refsource_XF |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T09:14:14.805Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "FEDORA-2008-5739", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "name": "29902", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/29902" }, { "name": "MDVSA-2008:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/31687" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "name": "1020373", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1020373" }, { "name": "30790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30790" }, { "name": "30837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/30837" }, { "name": "perl-filepath-rmtree-symlink(43308)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", 
"version": "n/a" } ] } ], "datePublic": "2008-06-21T00:00:00", "descriptions": [ { "lang": "en", "value": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "SUSE-SR:2008:017", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "FEDORA-2008-5739", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "name": "29902", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/29902" }, { "name": "MDVSA-2008:165", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "tags": [ "x_refsource_MISC" ], "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "name": "31687", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/31687" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "name": "1020373", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1020373" }, { "name": "30790", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30790" }, { "name": "30837", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/30837" }, { "name": 
"perl-filepath-rmtree-symlink(43308)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2827", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448 and CVE-2004-0452." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "SUSE-SR:2008:017", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00006.html" }, { "name": "FEDORA-2008-5739", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg01025.html" }, { "name": "29902", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29902" }, { "name": "MDVSA-2008:165", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:165" }, { "name": "http://rt.cpan.org/Public/Bug/Display.html?id=36982", "refsource": "MISC", "url": "http://rt.cpan.org/Public/Bug/Display.html?id=36982" }, { "name": "31687", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31687" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=487319" }, { "name": "1020373", "refsource": "SECTRACK", "url": 
"http://www.securitytracker.com/id?1020373" }, { "name": "30790", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30790" }, { "name": "30837", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30837" }, { "name": "perl-filepath-rmtree-symlink(43308)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43308" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2827", "datePublished": "2008-06-23T19:00:00", "dateReserved": "2008-06-23T00:00:00", "dateUpdated": "2024-08-07T09:14:14.805Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-12723
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T12:04:22.480Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ 
"x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:21:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Perl/perl5/issues/16947" }, { 
"tags": [ "x_refsource_MISC" ], "url": "https://github.com/Perl/perl5/issues/17743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12723", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202006-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "name": "https://security.netapp.com/advisory/ntap-20200611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "name": "https://github.com/Perl/perl5/issues/16947", "refsource": "MISC", "url": "https://github.com/Perl/perl5/issues/16947" }, { "name": "https://github.com/Perl/perl5/issues/17743", "refsource": "MISC", "url": "https://github.com/Perl/perl5/issues/17743" }, { "name": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12723", "datePublished": "2020-06-05T14:20:50", "dateReserved": "2020-05-08T00:00:00", "dateUpdated": "2024-08-04T12:04:22.480Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2011-0761
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.toucan-system.com/advisories/tssa-2011-03.txt | x_refsource_MISC | |
http://securityreason.com/securityalert/8248 | third-party-advisory, x_refsource_SREASON | |
http://securitytracker.com/id?1025507 | vdb-entry, x_refsource_SECTRACK | |
https://exchange.xforce.ibmcloud.com/vulnerabilities/67355 | vdb-entry, x_refsource_XF | |
http://www.securityfocus.com/bid/47766 | vdb-entry, x_refsource_BID | |
http://www.securityfocus.com/archive/1/517916/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T22:05:53.460Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "name": "8248", "tags": [ "third-party-advisory", "x_refsource_SREASON", "x_transferred" ], "url": "http://securityreason.com/securityalert/8248" }, { "name": "1025507", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://securitytracker.com/id?1025507" }, { "name": "perl-functions-dos(67355)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "name": "47766", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/47766" }, { "name": "20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-05-09T00:00:00", "descriptions": [ { "lang": "en", "value": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "name": "8248", "tags": [ "third-party-advisory", "x_refsource_SREASON" ], "url": "http://securityreason.com/securityalert/8248" }, { "name": "1025507", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://securitytracker.com/id?1025507" }, { "name": "perl-functions-dos(67355)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "name": "47766", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/47766" }, { "name": "20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cert@cert.org", "ID": "CVE-2011-0761", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.toucan-system.com/advisories/tssa-2011-03.txt", "refsource": "MISC", "url": "http://www.toucan-system.com/advisories/tssa-2011-03.txt" }, { "name": "8248", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/8248" }, { "name": "1025507", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1025507" }, { "name": "perl-functions-dos(67355)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/67355" }, { "name": "47766", "refsource": "BID", "url": "http://www.securityfocus.com/bid/47766" }, { "name": "20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/517916/100/0/threaded" } ] } } } }, "cveMetadata": { "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2011-0761", "datePublished": "2011-05-13T17:00:00", "dateReserved": "2011-02-03T00:00:00", "dateUpdated": "2024-08-06T22:05:53.460Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2008-5303
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T10:49:12.751Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/32980" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": "oval:org.mitre.oval:def:6680", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/33314" }, { "name": "oval:org.mitre.oval:def:9699", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], 
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "filepath-rmtree-symlink(47044)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2008-11-28T00:00:00", "descriptions": [ { "lang": "en", "value": "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. 
NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "32980", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/32980" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": "oval:org.mitre.oval:def:6680", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/33314" }, { "name": "oval:org.mitre.oval:def:9699", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": 
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "name": "20090120 rPSA-2009-0011-1 perl", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "filepath-rmtree-symlink(47044)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "tags": [ "x_refsource_MISC" ], "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5303", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, 
and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "32980", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32980" }, { "name": "http://wiki.rpath.com/Advisories:rPSA-2009-0011", "refsource": "CONFIRM", "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0011" }, { "name": "DSA-1678", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1678" }, { "name": "USN-700-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-1" }, { "name": "[oss-security] 20081128 Re: [oss-security] CVE Request - cups, dovecot-managesieve, perl, wireshark", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/28/2" }, { "name": "APPLE-SA-2010-03-29-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286905" }, { "name": "oval:org.mitre.oval:def:6680", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6680" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=286922#36" }, { "name": "http://support.apple.com/kb/HT4077", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4077" }, { "name": "33314", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33314" }, { "name": "oval:org.mitre.oval:def:9699", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9699" }, { "name": "20090120 rPSA-2009-0011-1 perl", "refsource": 
"BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500210/100/0/threaded" }, { "name": "USN-700-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-700-2" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "40052", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40052" }, { "name": "RHSA-2010:0458", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2010-0458.html" }, { "name": "filepath-rmtree-symlink(47044)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47044" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695", "refsource": "MISC", "url": "http://www.gossamer-threads.com/lists/perl/porters/233695#233695" }, { "name": "MDVSA-2010:116", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:116" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5303", "datePublished": "2008-12-01T17:00:00", "dateReserved": "2008-12-01T00:00:00", "dateUpdated": "2024-08-07T10:49:12.751Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-10543
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T11:06:09.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, 
{ "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-19T23:20:49", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "GLSA-202006-03", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10543", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "GLSA-202006-03", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202006-03" }, { "name": "FEDORA-2020-fd73c08076", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/" }, { "name": "openSUSE-SU-2020:0850", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "name": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed", "refsource": "CONFIRM", "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3" }, { "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod", "refsource": "CONFIRM", "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "name": "https://security.netapp.com/advisory/ntap-20200611-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "name": "https://www.oracle.com/security-alerts/cpujan2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuApr2021.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "name": "https://www.oracle.com//security-alerts/cpujul2021.html", "refsource": "MISC", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpuoct2021.html", 
"refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10543", "datePublished": "2020-06-05T13:17:49", "dateReserved": "2020-03-13T00:00:00", "dateUpdated": "2024-08-04T11:06:09.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12837
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.debian.org/security/2017/dsa-3982 | vendor-advisory, x_refsource_DEBIAN | |
http://www.securityfocus.com/bid/100860 | vdb-entry, x_refsource_BID | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | x_refsource_CONFIRM | |
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20180426-0001/ | x_refsource_CONFIRM | |
https://bugzilla.redhat.com/show_bug.cgi?id=1492091 | x_refsource_CONFIRM | |
https://rt.perl.org/Public/Bug/Display.html?id=131582 | x_refsource_CONFIRM | |
https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.539Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100860", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/100860" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the case-insensitive modifier." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-3982", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100860", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/100860" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12837", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a \u0027\\N{}\u0027 escape and the 
case-insensitive modifier." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3982", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3982" }, { "name": "100860", "refsource": "BID", "url": "http://www.securityfocus.com/bid/100860" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1492091" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131582", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131582" }, { "name": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/commitdiff/96c83ed78aeea1a0496dd2b2d935869a822dc8a5" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12837", "datePublished": "2017-09-19T18:00:00", "dateReserved": "2017-08-11T00:00:00", "dateUpdated": "2024-08-05T18:51:06.539Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2018-6798
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:1192 | vendor-advisory, x_refsource_REDHAT | |
http://www.securitytracker.com/id/1040681 | vdb-entry, x_refsource_SECTRACK | |
https://usn.ubuntu.com/3625-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://www.debian.org/security/2018/dsa-4172 | vendor-advisory, x_refsource_DEBIAN | |
https://security.gentoo.org/glsa/201909-01 | vendor-advisory, x_refsource_GENTOO | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://rt.perl.org/Public/Bug/Display.html?id=132063 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:10:11.392Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-04-14T00:00:00", "descriptions": [ { "lang": "en", "value": "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:59", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "RHSA-2018:1192", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201909-01" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6798", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2018:1192", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:1192" }, { "name": "1040681", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040681" }, { "name": "USN-3625-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3625-1/" }, { "name": "DSA-4172", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4172" }, { "name": "GLSA-201909-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201909-01" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=132063", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=132063" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6798", "datePublished": "2018-04-17T20:00:00", "dateReserved": "2018-02-06T00:00:00", "dateUpdated": "2024-08-05T06:10:11.392Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2014-4330
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T11:12:34.783Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ", "x_transferred" ], "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "name": "61441", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61441" }, { "name": "FEDORA-2014-11453", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "name": "MDVSA-2015:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "name": "70142", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/70142" }, { "name": "perl-cve20144330-dos(96216)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "name": "[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC", "x_transferred" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "name": "61961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/61961" }, { "name": "[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://seclists.org/oss-sec/2014/q3/692" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2014-09-18T00:00:00", "descriptions": [ { "lang": "en", "value": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-09T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_BUGTRAQ" ], "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "name": "61441", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61441" }, { "name": "FEDORA-2014-11453", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "name": "MDVSA-2015:136", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "name": "70142", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/70142" }, { "name": "perl-cve20144330-dos(96216)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "name": "[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "USN-2916-1", "tags": [ "vendor-advisory", 
"x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_FULLDISC" ], "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "name": "61961", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/61961" }, { "name": "[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://seclists.org/oss-sec/2014/q3/692" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2014-4330", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-Overflow.html" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/533543/100/0/threaded" }, { "name": "61441", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61441" }, { "name": "FEDORA-2014-11453", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2014-September/139441.html" }, { "name": "MDVSA-2015:136", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:136" }, { "name": "https://metacpan.org/pod/distribution/Data-Dumper/Changes", "refsource": "CONFIRM", "url": "https://metacpan.org/pod/distribution/Data-Dumper/Changes" }, { "name": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt", "refsource": "CONFIRM", "url": "https://www.lsexperts.de/advisories/lse-2014-06-10.txt" }, { "name": "70142", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70142" }, { "name": "perl-cve20144330-dos(96216)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/96216" }, { "name": "[perl.perl5.porters] 20140918 fix for CVE-2014-4330 present in blead", "refsource": "MLIST", "url": "http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731" }, { "name": "USN-2916-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-2916-1" }, { "name": "20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2014/Sep/84" }, { "name": "http://advisories.mageia.org/MGASA-2014-0406.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2014-0406.html" }, { "name": "61961", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/61961" }, { "name": "[oss-security] 20140925 LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow", "refsource": "MLIST", "url": "http://seclists.org/oss-sec/2014/q3/692" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2014-4330", "datePublished": "2014-09-30T16:00:00", "dateReserved": "2014-06-18T00:00:00", "dateUpdated": "2024-08-06T11:12:34.783Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47038
Vulnerability from cvelistv5
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2024:2228 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2024:3128 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/security/cve/CVE-2023-47038 | vdb-entry, x_refsource_REDHAT | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2249523 | issue-tracking, x_refsource_REDHAT |
Vendor | Product | Version |
---|---|---|
 | | Version: 5.30.0 ≤; Version: 5.36.0 ≤; Version: 5.38.0 ≤ |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.214Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" }, { "tags": [ "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNEEWAACXQCEEAKSG7XX2D5YDRWLCIZJ/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47038-Write-past-buffer-end-via-illegal-user-defined-Unicode-property" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-47038", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:34:17.016514Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:34:37.926Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "5.30.0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": 
"affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:8::appstream" ], "defaultStatus": "affected", "packageName": "perl:5.32", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "8100020240314121426.9fe1d287", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/a:redhat:enterprise_linux:9::appstream" ], "defaultStatus": "affected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat", "versions": [ { "lessThan": "*", "status": "unaffected", "version": "4:5.32.1-481.el9", "versionType": "rpm" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "affected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00+00:00", "descriptions": [ { "lang": 
"en", "value": "A vulnerability was found in perl 5.30.0 through 5.38.0. This issue occurs when a crafted regular expression is compiled by perl, which can allow an attacker controlled byte buffer overflow in a heap allocated buffer." } ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-23T03:31:40.627Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2024:2228", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:2228" }, { "name": "RHSA-2024:3128", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2024:3128" }, { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47038" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249523", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249523" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." 
} ], "title": "Perl: write past buffer end via illegal user-defined unicode property", "workarounds": [ { "lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability." } ], "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47038", "datePublished": "2023-12-18T13:43:07.713Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2024-11-27T20:34:37.926Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2012-6329
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:28:39.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "name": "[oss-security] 20121211 Re: CVE request: perl-modules", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "name": "USN-2099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "name": 
"[perl5-porters] 20121205 security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "56950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/56950" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-12-05T00:00:00", "descriptions": [ { "lang": "en", "value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2016-12-06T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "name": "[oss-security] 20121211 Re: CVE request: perl-modules", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "name": "USN-2099-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2099-1" }, { "name": "[perl5-porters] 20121205 security notice: Locale::Maketext", "tags": [ "mailing-list", "x_refsource_MLIST" ], 
"url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "name": "RHSA-2013:0685", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "56950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/56950" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-6329", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html" }, { "name": "MDVSA-2013:113", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:113" }, { "name": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329", "refsource": "CONFIRM", "url": "http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329" }, { "name": "[foswiki-announce] 20121212 Security Alert CVE-2012-6329: Foswiki MAKETEXT Variable Allows Arbitrary Shell Command Execution", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/message.php?msg_id=30219695" }, { "name": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8" }, { "name": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod", "refsource": "CONFIRM", "url": "http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod" }, { "name": "[perl5-porters] 20121205 Re: security notice: Locale::Maketext", "refsource": "MLIST", "url": "http://code.activestate.com/lists/perl5-porters/187763/" }, { "name": "[oss-security] 20121211 Re: CVE request: perl-modules", "refsource": "MLIST", "url": "http://openwall.com/lists/oss-security/2012/12/11/4" }, { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=884354", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=884354" }, { "name": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032", "refsource": "CONFIRM", "url": "https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032" }, { "name": "USN-2099-1", "refsource": "UBUNTU", "url": 
"http://www.ubuntu.com/usn/USN-2099-1" }, { "name": "[perl5-porters] 20121205 security notice: Locale::Maketext", "refsource": "MLIST", "url": "http://code.activestate.com/lists/perl5-porters/187746/" }, { "name": "RHSA-2013:0685", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2013-0685.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10705" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10735" }, { "name": "56950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/56950" }, { "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224", "refsource": "CONFIRM", "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-6329", "datePublished": "2013-01-04T21:00:00", "dateReserved": "2012-12-10T00:00:00", "dateUpdated": "2024-08-06T21:28:39.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-47039
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
https://access.redhat.com/security/cve/CVE-2023-47039 | vdb-entry, x_refsource_REDHAT | |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746 | ||
https://bugzilla.redhat.com/show_bug.cgi?id=2249525 | issue-tracking, x_refsource_REDHAT |
| Vendor | Product | Version |
|---|---|---|
| | | Version: 0 ≤ version < 5.34.3; Version: 5.36.0 ≤ version < 5.36.3; Version: 5.38.0 ≤ version < 5.38.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:01:22.573Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "tags": [ "x_transferred" ], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249525", "tags": [ "issue-tracking", "x_refsource_REDHAT", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" }, { "tags": [ "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20240208-0005/" }, { "tags": [ "x_transferred" ], "url": "https://perldoc.perl.org/perl5382delta#CVE-2023-47039-Perl-for-Windows-binary-hijacking-vulnerability" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "collectionURL": "https://github.com/Perl/perl5", "defaultStatus": "unaffected", "packageName": "perl", "versions": [ { "lessThan": "5.34.3", "status": "affected", "version": "0", "versionType": "semver" }, { "lessThan": "5.36.3", "status": "affected", "version": "5.36.0", "versionType": "semver" }, { "lessThan": "5.38.2", "status": "affected", "version": "5.38.0", "versionType": "semver" } ] }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:6" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 6", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:7" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 7", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise 
Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl:5.30/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:8" ], "defaultStatus": "unaffected", "packageName": "perl:5.32/perl", "product": "Red Hat Enterprise Linux 8", "vendor": "Red Hat" }, { "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "cpes": [ "cpe:/o:redhat:enterprise_linux:9" ], "defaultStatus": "unaffected", "packageName": "perl", "product": "Red Hat Enterprise Linux 9", "vendor": "Red Hat" } ], "datePublic": "2023-11-25T00:00:00+00:00", "descriptions": [ { "lang": "en", "value": "A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell (`cmd.exe`). When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute `cmd.exe` within the operating system. However, due to path search order issues, Perl initially looks for cmd.exe in the current working directory. This flaw allows an attacker with limited privileges to place`cmd.exe` in locations with weak permissions, such as `C:\\ProgramData`. By doing so, arbitrary code can be executed when an administrator attempts to use this executable from these compromised locations." 
} ], "metrics": [ { "other": { "content": { "namespace": "https://access.redhat.com/security/updates/classification/", "value": "Moderate" }, "type": "Red Hat severity rating" } }, { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-122", "description": "Heap-based Buffer Overflow", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-11-06T14:44:52.252Z", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "vdb-entry", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/security/cve/CVE-2023-47039" }, { "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056746" }, { "name": "RHBZ#2249525", "tags": [ "issue-tracking", "x_refsource_REDHAT" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2249525" } ], "timeline": [ { "lang": "en", "time": "2023-11-11T00:00:00+00:00", "value": "Reported to Red Hat." }, { "lang": "en", "time": "2023-11-25T00:00:00+00:00", "value": "Made public." } ], "title": "Perl: perl for windows binary hijacking vulnerability", "x_redhatCweChain": "CWE-122: Heap-based Buffer Overflow" } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2023-47039", "datePublished": "2024-01-02T05:30:53.168Z", "dateReserved": "2023-10-30T13:58:15.255Z", "dateUpdated": "2024-11-06T14:44:52.252Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2010-1158
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://bugs.gentoo.org/show_bug.cgi?id=313565 | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2010/04/14/3 | mailing-list, x_refsource_MLIST | |
http://www.openwall.com/lists/oss-security/2010/04/08/9 | mailing-list, x_refsource_MLIST | |
http://secunia.com/advisories/55314 | third-party-advisory, x_refsource_SECUNIA | |
https://bugzilla.redhat.com/show_bug.cgi?id=580605 | x_refsource_MISC | |
http://perldoc.perl.org/perl5100delta.html | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T01:14:06.375Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/55314" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://perldoc.perl.org/perl5100delta.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2010-04-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-24T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565" }, { "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3" }, { "name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9" }, { "name": "55314", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/55314" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://perldoc.perl.org/perl5100delta.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2010-1158", "datePublished": "2010-04-20T15:00:00", "dateReserved": "2010-03-29T00:00:00", "dateUpdated": "2024-08-07T01:14:06.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-12814
Vulnerability from cvelistv5
URL | Tags | |
---|---|---|
http://www.securityfocus.com/bid/101051 | vdb-entry, x_refsource_BID | |
https://www.oracle.com/security-alerts/cpujul2020.html | x_refsource_MISC | |
https://rt.perl.org/Public/Bug/Display.html?id=131665 | x_refsource_CONFIRM | |
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1 | x_refsource_CONFIRM | |
https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1 | x_refsource_CONFIRM | |
https://security.netapp.com/advisory/ntap-20180426-0001/ | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T18:51:06.126Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "101051", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/101051" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2017-09-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-15T02:22:55", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "101051", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/101051" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-12814", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "101051", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101051" }, { "name": "https://www.oracle.com/security-alerts/cpujul2020.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "name": "https://rt.perl.org/Public/Bug/Display.html?id=131665", "refsource": "CONFIRM", "url": "https://rt.perl.org/Public/Bug/Display.html?id=131665" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.26.1-RC1" }, { "name": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1", "refsource": "CONFIRM", "url": "https://perl5.git.perl.org/perl.git/log/refs/tags/v5.24.3-RC1" }, { "name": "https://security.netapp.com/advisory/ntap-20180426-0001/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20180426-0001/" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-12814", "datePublished": "2017-09-27T17:00:00", "dateReserved": "2017-08-11T00:00:00", "dateUpdated": "2024-08-05T18:51:06.126Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
var-201812-0271
Vulnerability from variot
Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl contains a buffer error vulnerability. Information may be obtained or altered, and service operation may be disrupted (DoS). Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer: 1. An integer-overflow vulnerability 2. A heap-based buffer-overflow vulnerability. Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. 7) - noarch, x86_64
The following packages have been upgraded to a later upstream version: rh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130).
For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5.
We recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Important: perl security update Advisory ID: RHSA-2019:0109-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:0109 Issue date: 2019-01-21 CVE Names: CVE-2018-18311 =====================================================================
- Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
- perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Perl project for reporting this issue. Upstream acknowledges Jayakrishna Menon as the original reporter. Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-5.16.3-294.el7_6.src.rpm
noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-5.16.3-294.el7_6.src.rpm
noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-5.16.3-294.el7_6.src.rpm
noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
ppc64: perl-5.16.3-294.el7_6.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64.rpm perl-core-5.16.3-294.el7_6.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm perl-devel-5.16.3-294.el7_6.ppc.rpm perl-devel-5.16.3-294.el7_6.ppc64.rpm perl-libs-5.16.3-294.el7_6.ppc.rpm perl-libs-5.16.3-294.el7_6.ppc64.rpm perl-macros-5.16.3-294.el7_6.ppc64.rpm
ppc64le: perl-5.16.3-294.el7_6.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm perl-core-5.16.3-294.el7_6.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-devel-5.16.3-294.el7_6.ppc64le.rpm perl-libs-5.16.3-294.el7_6.ppc64le.rpm perl-macros-5.16.3-294.el7_6.ppc64le.rpm
s390x: perl-5.16.3-294.el7_6.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm perl-core-5.16.3-294.el7_6.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.s390.rpm perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-devel-5.16.3-294.el7_6.s390.rpm perl-devel-5.16.3-294.el7_6.s390x.rpm perl-libs-5.16.3-294.el7_6.s390.rpm perl-libs-5.16.3-294.el7_6.s390x.rpm perl-macros-5.16.3-294.el7_6.s390x.rpm
x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: perl-5.16.3-294.el7_6.src.rpm
aarch64: perl-5.16.3-294.el7_6.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.aarch64.rpm perl-core-5.16.3-294.el7_6.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm perl-devel-5.16.3-294.el7_6.aarch64.rpm perl-libs-5.16.3-294.el7_6.aarch64.rpm perl-macros-5.16.3-294.el7_6.aarch64.rpm
noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
ppc64le: perl-5.16.3-294.el7_6.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm perl-core-5.16.3-294.el7_6.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-devel-5.16.3-294.el7_6.ppc64le.rpm perl-libs-5.16.3-294.el7_6.ppc64le.rpm perl-macros-5.16.3-294.el7_6.ppc64le.rpm
s390x: perl-5.16.3-294.el7_6.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.s390x.rpm perl-core-5.16.3-294.el7_6.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.s390.rpm perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-devel-5.16.3-294.el7_6.s390.rpm perl-devel-5.16.3-294.el7_6.s390x.rpm perl-libs-5.16.3-294.el7_6.s390.rpm perl-libs-5.16.3-294.el7_6.s390x.rpm perl-macros-5.16.3-294.el7_6.s390x.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: perl-debuginfo-5.16.3-294.el7_6.ppc64.rpm perl-tests-5.16.3-294.el7_6.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-tests-5.16.3-294.el7_6.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-tests-5.16.3-294.el7_6.s390x.rpm
x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: perl-debuginfo-5.16.3-294.el7_6.aarch64.rpm perl-tests-5.16.3-294.el7_6.aarch64.rpm
ppc64le: perl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm perl-tests-5.16.3-294.el7_6.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-294.el7_6.s390x.rpm perl-tests-5.16.3-294.el7_6.s390x.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-5.16.3-294.el7_6.src.rpm
noarch: perl-CPAN-1.9800-294.el7_6.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.noarch.rpm perl-Package-Constants-0.02-294.el7_6.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.noarch.rpm
x86_64: perl-5.16.3-294.el7_6.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm perl-core-5.16.3-294.el7_6.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.i686.rpm perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-devel-5.16.3-294.el7_6.i686.rpm perl-devel-5.16.3-294.el7_6.x86_64.rpm perl-libs-5.16.3-294.el7_6.i686.rpm perl-libs-5.16.3-294.el7_6.x86_64.rpm perl-macros-5.16.3-294.el7_6.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-294.el7_6.x86_64.rpm perl-tests-5.16.3-294.el7_6.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-18311 https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXEYC0dzjgjWX9erEAQi+cg//SP5ltkBCVsa86sXT7nP94nQepzxwweEj EC1T/sqSYhSYJcftiJdmcxJk9g4wOns39SNJuvsiiajYarJeIFjUq2TpX/lxL3Qe YrrnZ2esaT+kTDPtCpzBoatZ6uSKZmAVBKmu1bQMmquRt6fbk9F3lWWzfUEfspuU RxfJplbKlejPsAAEUA4URdoC8Jey1cbKgrDOxqOGH1ipZyVsW8jvrrCZxCLKkeRR MyfngBxyTGld78ZoDipSMOInjs50Snh3xp+z4ZxPIpltaEiJHK9mbg5Psqvz8hZY S7RMVK4qPPJwFuPLEKBBNtwFneNotq1Hz4Pj1f2YvjsTv56N+IwudLAdHK8bQBA8 mTRgSNbn8T/22U67d6Pa+T1hL/5xstbOM2Jtj5CD++Oqh84mh8ZhWYFafAdCu/RS RRgSZIg3CCjS7C0y+to1BBNARWJm0ymko9NPVGW5anDvqCZfowbUEOe/t1suXbE9 pMJgi+p5JPJwWgA+PkYgeW60edGu1sobtV84QQtgUAjy6wgby2wHYPgJJVNt8TP8 6JkRCmHhbwjsreDy0v65oNWWwTsgUFzjl+KUk5nwh/JST6w+LjY/CCUTgTNyVQR3 ivFL/VNrTip4RQCASlWILYI95U0h+Fb1hL7xbQ5KevVNwS07MZdFhEcZWDTBj3Iw KtRzQvqVeHM= =kPNu -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and address the following:
AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team
Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc.
configd Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher
CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher
DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher
Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative
iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher
IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher
IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG
Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang
Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata
Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)
QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu of Fortinet's FortiGuard Labs
Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de)
Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)
Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest
Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative
XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.
Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.
Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3834-1 December 03, 2018
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)
Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312)
Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313)
Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: perl 5.26.2-7ubuntu0.1
Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.3
Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.6
Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.7
In general, a standard system update will make all the necessary changes.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0271", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", 
"version": "7.5" }, { "model": "e-series santricity os controller", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "8.0.0" }, { "model": "snapdriver", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "enterprise linux server tus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "openshift container platform", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "3.11" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.26.3" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.8.2.8" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "8.1.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "29" }, { "model": "enterprise linux server aus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.28.1" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "enterprise linux desktop", "scope": "eq", "trust": 1.0, "vendor": 
"redhat", "version": "7.0" }, { "model": "enterprise linux workstation", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux eus", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.14.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "perl", "scope": "gte", "trust": 1.0, "vendor": "perl", "version": "5.28.0" }, { "model": "web gateway", "scope": "gte", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2" }, { "model": "enterprise linux server", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "web gateway", "scope": "lt", "trust": 1.0, "vendor": "mcafee", "version": "7.7.2.21" }, { "model": "perl", "scope": "lt", "trust": 0.8, "vendor": "the perl", "version": "5.28.x" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "perl", "scope": "eq", "trust": 0.8, "vendor": "the perl", "version": "5.28.1" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "enterprise linux", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.28" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.26.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.26" }, { "model": 
"perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.24.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.22.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.20.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.20.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.18.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.16" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.10" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.9.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.10" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.9" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", 
"version": "5.8.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.24" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.22" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.20" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.18" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.17.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.16.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.16.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.9" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.11" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.10" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.0" }, { "model": "perl", 
"scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.10.1" }, { "model": "perl", "scope": "ne", "trust": 0.3, "vendor": "perl", "version": "5.28.1" }, { "model": "perl", "scope": "ne", "trust": 0.3, "vendor": "perl", "version": "5.26.3" } ], "sources": [ { "db": "BID", "id": "106145" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "NVD", "id": "CVE-2018-18311" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.26.3", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.28.1", "versionStartIncluding": "5.28.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": 
true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdriver:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.14.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.1.1", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.8.2.8", "versionStartIncluding": "7.8.2", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "7.7.2.21", "versionStartIncluding": "7.7.2", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18311" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "153965" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "151248" } ], "trust": 0.4 }, "cve": "CVE-2018-18311", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": 
"https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-18311", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-128858", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-18311", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18311", "trust": 1.8, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-128858", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-128858" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "NVD", "id": "CVE-2018-18311" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations. Perl Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Perl is prone to the following multiple buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. \n1. An integer-overflow vulnerability\n2. 
A heap-based buffer-overflow vulnerability\nAttackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. 7) - noarch, x86_64\n\n3. \n\nThe following packages have been upgraded to a later upstream version:\nrh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130). \n\nFor the stable distribution (stretch), these problems have been fixed in\nversion 5.24.1-3+deb9u5. \n\nWe recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Important: perl security update\nAdvisory ID: RHSA-2019:0109-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0109\nIssue date: 2019-01-21\nCVE Names: CVE-2018-18311 \n=====================================================================\n\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 
7) - aarch64, noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: Integer overflow leading to buffer overflow in Perl_my_setenv()\n(CVE-2018-18311)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Perl project for reporting this issue. \nUpstream acknowledges Jayakrishna Menon as the original reporter. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 
7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nppc64:\nperl-5.16.3-294.el7_6.ppc64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.ppc64.rpm\nperl-core-5.16.3-294.el7_6.ppc64.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc64.rpm\nperl-devel-5.16.3-294.el7_6.ppc.rpm\nperl-devel-5.16.3-294.el7_6.ppc64.rpm\nperl-libs-5.16.3-294.el7_6.ppc.rpm\nperl-libs-5.16.3-294.el7_6.ppc64.rpm\nperl-macros-5.16.3-294.el7_6.ppc64.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.s390x.rpm\nperl-core-5.16.3-294.el7_6.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-devel-5.16.3-294.el7_6.s390.rpm\nperl-devel-5.16.3-294.el7_6.s390x.rpm\nperl-libs-5.16.3-294.el7_6.s390.rpm\nperl-libs-5.16.3-294.el7_6.s390x.rpm\nperl-macros-5.16.3-294.el7_6.s390x.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7
_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\naarch64:\nperl-5.16.3-294.el7_6.aarch64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.aarch64.rpm\nperl-core-5.16.3-294.el7_6.aarch64.rpm\nperl-debuginfo-5.16.3-294.el7_6.aarch64.rpm\nperl-devel-5.16.3-294.el7_6.aarch64.rpm\nperl-libs-5.16.3-294.el7_6.aarch64.rpm\nperl-macros-5.16.3-294.el7_6.aarch64.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.s390x.rpm\nperl-core-5.16.3-294.el7_6.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-devel-5.16.3-294.el7_6.s390.rpm\nperl-devel-5.16.3-294.el7_6.s390x.rpm\nperl-libs-5.16.3-294.el7_6.s390.rpm\nperl-libs-5.16.3-294.el7_6.s390x.rpm\nperl-macros-5.16.3-294.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 
7):\n\nppc64:\nperl-debuginfo-5.16.3-294.el7_6.ppc64.rpm\nperl-tests-5.16.3-294.el7_6.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-tests-5.16.3-294.el7_6.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nperl-debuginfo-5.16.3-294.el7_6.aarch64.rpm\nperl-tests-5.16.3-294.el7_6.aarch64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.s390x.rpm\nperl-tests-5.16.3-294.el7_6.s390x.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.x86_64.rpm\nperl-core-5.16.3-294.el7_6.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.i686.rpm\nperl-devel-5.16.3-294.el7_6.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.i686.rpm\nperl-libs-5.16.3-294.el7_6.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. 
Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18311\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXEYC0dzjgjWX9erEAQi+cg//SP5ltkBCVsa86sXT7nP94nQepzxwweEj\nEC1T/sqSYhSYJcftiJdmcxJk9g4wOns39SNJuvsiiajYarJeIFjUq2TpX/lxL3Qe\nYrrnZ2esaT+kTDPtCpzBoatZ6uSKZmAVBKmu1bQMmquRt6fbk9F3lWWzfUEfspuU\nRxfJplbKlejPsAAEUA4URdoC8Jey1cbKgrDOxqOGH1ipZyVsW8jvrrCZxCLKkeRR\nMyfngBxyTGld78ZoDipSMOInjs50Snh3xp+z4ZxPIpltaEiJHK9mbg5Psqvz8hZY\nS7RMVK4qPPJwFuPLEKBBNtwFneNotq1Hz4Pj1f2YvjsTv56N+IwudLAdHK8bQBA8\nmTRgSNbn8T/22U67d6Pa+T1hL/5xstbOM2Jtj5CD++Oqh84mh8ZhWYFafAdCu/RS\nRRgSZIg3CCjS7C0y+to1BBNARWJm0ymko9NPVGW5anDvqCZfowbUEOe/t1suXbE9\npMJgi+p5JPJwWgA+PkYgeW60edGu1sobtV84QQtgUAjy6wgby2wHYPgJJVNt8TP8\n6JkRCmHhbwjsreDy0v65oNWWwTsgUFzjl+KUk5nwh/JST6w+LjY/CCUTgTNyVQR3\nivFL/VNrTip4RQCASlWILYI95U0h+Fb1hL7xbQ5KevVNwS07MZdFhEcZWDTBj3Iw\nKtRzQvqVeHM=\n=kPNu\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update\n2019-002 High Sierra, Security Update 2019-002 Sierra\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra are now available and\naddresses the following:\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. 
\nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and\nshrek_wzw of Qihoo 360 Nirvan Team\n\nBom\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\nCFString\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \n\nconfigd\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8522: Colin Meginnis (@falc420)\n\nFaceTime\nAvailable for: macOS Mojave 10.14.3\nImpact: A user\u0027s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. The\nissue was resolved with improved logic. 
\nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\nFeedback Assistant\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\nFeedback Assistant\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\nfile\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin\n(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend\nMicro\u0027s Zero Day Initiative\n\niAP\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOGraphics\nAvailable for: macOS Mojave 10.14.3\nImpact: A Mac may not lock when disconnecting from an external\nmonitor\nDescription: A lock handling issue was addressed with improved lock\nhandling. \nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com\nParisTech, R. 
Scott Kemp of MIT, Romke van Dijk of Z-CERT\n\nIOHIDFamily\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nIOKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8504: an anonymous researcher\n\nIOKit SCSI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8508: Dr. Silvio Cesare of InfoSect\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. 
\nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8546: ChiYuan Chang\n\nNotes\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-8537: Greg Walker (gregwalker.us)\n\nPackageKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\nPerl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: Multiple issues in Perl\nDescription: Multiple issues in Perl were addressed in this update. 
\nCVE-2018-12015: Jakub Wilk\nCVE-2018-18311: Jayakrishna Menon\nCVE-2018-18313: Eiichi Tsukata\n\nPower Management\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed with improved validation. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nQuartzCore\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8507: Kai Lu or Fortinet\u0027s FortiGuard Labs\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8526: Linus Henze (pinauten.de)\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8520: Antonio Groza, The UK\u0027s National Cyber Security Centre\n(NCSC)\n\nSiri\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. This issue was addressed with improved validation. 
\nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTime Machine\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: This issue was addressed with improved checks. \nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\nTrueTypeScaler\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nXPC\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nBooks\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nMail\nWe would like to acknowledge Craig Young of Tripwire VERT and Hanno\nB\u00f6ck for their assistance. \n\nTime Machine\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear\nLabs for their assistance. 
\n\nInstallation note:\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9\nFvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT\nvyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D\nEqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33\niAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM\nucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB\nsSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p\n7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J\n+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7\nOLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0\nzBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS\n1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=\n=QV0f\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3834-1\nDecember 03, 2018\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. 
\n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nJayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-18312)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. (CVE-2018-18313)\n\nJakub Wilk discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04\nLTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n perl 5.26.2-7ubuntu0.1\n\nUbuntu 18.04 LTS:\n perl 5.26.1-6ubuntu0.3\n\nUbuntu 16.04 LTS:\n perl 5.22.1-9ubuntu0.6\n\nUbuntu 14.04 LTS:\n perl 5.18.2-2ubuntu1.7\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2018-18311" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "BID", "id": "106145" }, { "db": "VULHUB", "id": "VHN-128858" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "153965" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "150523" }, { "db": "PACKETSTORM", "id": "151248" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18311", "trust": 2.9 }, { "db": 
"BID", "id": "106145", "trust": 1.4 }, { "db": "SECTRACK", "id": "1042181", "trust": 1.1 }, { "db": "MCAFEE", "id": "SB10278", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2018-012765", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "151001", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "153965", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150564", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "151248", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "151000", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150523", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "150565", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153652", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "153814", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "154385", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-128858", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "152222", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128858" }, { "db": "BID", "id": "106145" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "153965" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "150523" }, { "db": "PACKETSTORM", "id": "151248" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "NVD", "id": "CVE-2018-18311" } ] }, "id": "VAR-201812-0271", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-128858" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:38:14.990000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4347", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4347" }, { "title": 
"Perl_my_setenv(); handle integer wrap", "trust": 0.8, "url": "https://github.com/perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "title": "[SECURITY] Fedora 29 Update: perl-5.28.1-425.fc29", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/" }, { "title": "USN-3834-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3834-1/" }, { "title": "USN-3834-2", "trust": 0.8, "url": "https://usn.ubuntu.com/3834-2/" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012765" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "CWE-787", "trust": 1.1 }, { "problemtype": "CWE-119", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128858" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "NVD", "id": "CVE-2018-18311" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.2, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646730" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18311" }, { "trust": 1.4, "url": "https://github.com/perl/perl5/commit/34716e2a6ee2af96078d62b065b7785c001194be" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:0001" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:0010" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:0109" }, { "trust": 1.2, "url": "https://access.redhat.com/errata/rhsa-2019:2400" }, { "trust": 1.1, "url": "http://www.securityfocus.com/bid/106145" }, { "trust": 1.1, "url": 
"https://seclists.org/bugtraq/2019/mar/42" }, { "trust": 1.1, "url": "https://metacpan.org/changes/release/shay/perl-5.26.3" }, { "trust": 1.1, "url": "https://metacpan.org/changes/release/shay/perl-5.28.1" }, { "trust": 1.1, "url": "https://rt.perl.org/ticket/display.html?id=133204" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "trust": 1.1, "url": "https://support.apple.com/kb/ht209600" }, { "trust": 1.1, "url": "https://www.debian.org/security/2018/dsa-4347" }, { "trust": 1.1, "url": "http://seclists.org/fulldisclosure/2019/mar/49" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/201909-01" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "trust": 1.1, "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00039.html" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhba-2019:0327" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:1790" }, { "trust": 1.1, "url": "https://access.redhat.com/errata/rhsa-2019:1942" }, { "trust": 1.1, "url": "http://www.securitytracker.com/id/1042181" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3834-1/" }, { "trust": 1.1, "url": "https://usn.ubuntu.com/3834-2/" }, { "trust": 1.0, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=sb10278" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18311" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2018-18311" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-18314" }, { "trust": 0.5, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-18313" }, { "trust": 0.4, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18312" }, { "trust": 0.4, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.4, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.4, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18314" }, { "trust": 0.4, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646751" }, { "trust": 0.3, "url": "https://github.com/perl/perl5/commit/19a498a461d7c81ae3507c450953d1148efecf4f" }, { "trust": 0.3, "url": "www.perl.org" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-18313" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-18312" }, { "trust": 0.1, "url": "https://kc.mcafee.com/corporate/index?page=content\u0026amp;id=sb10278" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/perl" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-6239" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8521" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8504" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8530" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8529" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.7" }, { "trust": 0.1, "url": 
"https://usn.ubuntu.com/usn/usn-3834-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.2-7ubuntu0.1" } ], "sources": [ { "db": "VULHUB", "id": "VHN-128858" }, { "db": "BID", "id": "106145" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "153965" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "150523" }, { "db": "PACKETSTORM", "id": "151248" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "NVD", "id": "CVE-2018-18311" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-128858" }, { "db": "BID", "id": "106145" }, { "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "153965" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "150523" }, { "db": "PACKETSTORM", "id": "151248" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "NVD", "id": "CVE-2018-18311" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-07T00:00:00", "db": "VULHUB", "id": "VHN-128858" }, { "date": "2018-11-29T00:00:00", "db": "BID", "id": "106145" }, { "date": "2019-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "date": "2019-01-03T02:57:52", "db": "PACKETSTORM", "id": "151001" }, { "date": "2019-08-07T20:08:30", "db": "PACKETSTORM", "id": "153965" }, { "date": "2019-01-03T02:57:21", "db": "PACKETSTORM", "id": "151000" }, { "date": "2018-11-30T15:01:16", "db": "PACKETSTORM", "id": "150523" }, { "date": "2019-01-22T16:02:14", "db": "PACKETSTORM", "id": "151248" }, { "date": "2019-03-26T14:40:53", "db": "PACKETSTORM", "id": "152222" }, { "date": 
"2018-12-03T21:10:16", "db": "PACKETSTORM", "id": "150564" }, { "date": "2018-12-07T21:29:00.407000", "db": "NVD", "id": "CVE-2018-18311" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-128858" }, { "date": "2018-11-29T00:00:00", "db": "BID", "id": "106145" }, { "date": "2019-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012765" }, { "date": "2023-11-07T02:55:02.103000", "db": "NVD", "id": "CVE-2018-18311" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "network", "sources": [ { "db": "BID", "id": "106145" } ], "trust": 0.3 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Buffer error vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012765" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow", "sources": [ { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "153965" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "151248" } ], "trust": 0.4 } }
var-201508-0153
Vulnerability from variot
Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Perl is prone to a denial-of-service vulnerability. Successful exploits will allow attackers to cause a denial-of-service condition. Apple OS X is a dedicated operating system developed by Apple for Mac computers. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006
OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following:
apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185
apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148
Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative
AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam
Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security
Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks
Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University)
Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX]
bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)
CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto
CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple
CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team
CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team
curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153
Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of Unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)
Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith
Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team
DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team
dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple
FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team
groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078
ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple
ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski
Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero
Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero
IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel
IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel
IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany
Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero
Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360
libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google
libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling. CVE-ID CVE-2014-3660 : Felix Groebert of Google
libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple
libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley
mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844
Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski
ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks
OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600
OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422
PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244
python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365
QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple
QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.
Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple
Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole
QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3772 CVE-2015-3779 CVE-2015-5753 : Apple CVE-2015-5779 : Apple
QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz
SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple
SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team
Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold]
SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel
Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive
sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680
tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140
Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team
udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash
OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033
OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-11
https://security.gentoo.org/
Severity: Normal
Title: Perl: Denial of Service
Date: July 10, 2015
Bugs: #216671
ID: 201507-11
Synopsis
A vulnerability in Perl allows a remote attacker to cause Denial of Service.
Background
Perl is a highly capable, feature-rich programming language.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/perl < 5.20.1-r4 >= 5.20.1-r4
Description
The S_regmatch() function lacks proper checks before passing arguments to atoi().
Impact
A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.20.1-r4"
References
[ 1 ] CVE-2013-7422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7422
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201507-11
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5

============================================================================
Ubuntu Security Notice USN-2916-1
March 02, 2016
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
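It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. An attacker could use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2013-7422)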
Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. (CVE-2014-4330)
Stephane Chazelas discovered that Perl incorrectly handled duplicate environment variables. An attacker could possibly use this issue to bypass the taint protection mechanism. (CVE-2016-2381)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.10: perl 5.20.2-6ubuntu0.2
Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.1
Ubuntu 12.04 LTS: perl 5.14.2-6ubuntu2.5
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2916-1 CVE-2013-7422, CVE-2014-4330, CVE-2016-2381
Package Information: https://launchpad.net/ubuntu/+source/perl/5.20.2-6ubuntu0.2 https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.1 https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0153", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "perl", "scope": "eq", "trust": 1.6, "vendor": "perl", "version": "5.18.4" }, { "model": "mac os x", "scope": "lte", "trust": 1.0, "vendor": "apple", "version": "10.10.4" }, { "model": "perl", "scope": "lt", "trust": 0.8, "vendor": "the perl", "version": 
"5.20" }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.19.4" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.4" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.3" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.2" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10.1" }, { "model": "mac os", "scope": "eq", "trust": 0.3, "vendor": "apple", "version": "x10.10" }, { "model": "perl", "scope": "ne", "trust": 0.3, "vendor": "perl", "version": "5.19.5" }, { "model": "mac os", "scope": "ne", "trust": 0.3, "vendor": "apple", "version": "x10.10.5" } ], "sources": [ { "db": "BID", "id": "75704" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "NVD", "id": "CVE-2013-7422" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.10.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-7422" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } 
}, "data": "andrewn [at] locus.net", "sources": [ { "db": "BID", "id": "75704" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ], "trust": 0.9 }, "cve": "CVE-2013-7422", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2013-7422", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", 
"availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-67424", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-7422", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201507-675", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-67424", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-67424" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "NVD", "id": "CVE-2013-7422" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Perl is prone to a denial-of-service vulnerability. \nSuccessful exploits will allow attackers to cause a denial-of-service condition. Apple OS X is a dedicated operating system developed by Apple for Mac computers. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\n2015-006\n\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\nand addresses the following:\n\napache\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in Apache 2.4.16, the most\nserious of which may allow a remote attacker to cause a denial of\nservice. \nDescription: Multiple vulnerabilities existed in Apache versions\nprior to 2.4.16. These were addressed by updating Apache to version\n2.4.16. \nCVE-ID\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\napache_mod_php\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in PHP 5.5.20, the most\nserious of which may lead to arbitrary code execution. \nDescription: Multiple vulnerabilities existed in PHP versions prior\nto 5.5.20. These were addressed by updating Apache to version 5.5.27. \nCVE-ID\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3307\nCVE-2015-3329\nCVE-2015-3330\nCVE-2015-4021\nCVE-2015-4022\nCVE-2015-4024\nCVE-2015-4025\nCVE-2015-4026\nCVE-2015-4147\nCVE-2015-4148\n\nApple ID OD Plug-in\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able change the password of a\nlocal user\nDescription: In some circumstances, a state management issue existed\nin password authentication. The issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-3799 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleGraphicsControl\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. 
This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-5768 : JieTao Yang of KeenTeam\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in\nIOBluetoothHCIController. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3779 : Teddy Reed of Facebook Security\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory management issue could have led to the\ndisclosure of kernel memory layout. This issue was addressed with\nimproved memory management. \nCVE-ID\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious app may be able to access notifications from\nother iCloud devices\nDescription: An issue existed where a malicious app could access a\nBluetooth-paired Mac or iOS device\u0027s Notification Center\nnotifications via the Apple Notification Center Service. The issue\naffected devices using Handoff and logged into the same iCloud\naccount. This issue was resolved by revoking access to the Apple\nNotification Center Service. \nCVE-ID\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\nWang (Indiana University)\n\nBluetooth\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: An attacker with privileged network position may be able to\nperform denial of service attack using malformed Bluetooth packets\nDescription: An input validation issue existed in parsing of\nBluetooth ACL packets. This issue was addressed through improved\ninput validation. These issues were addressed through\nimproved bounds checking. 
\nCVE-ID\nCVE-2015-3777 : mitp0sh of [PDX]\n\nbootp\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious Wi-Fi network may be able to determine networks\na device has previously accessed\nDescription: Upon connecting to a Wi-Fi network, iOS may have\nbroadcast MAC addresses of previously accessed networks via the DNAv4\nprotocol. This issue was addressed through disabling DNAv4 on\nunencrypted Wi-Fi networks. \nCVE-ID\nCVE-2015-3778 : Piers O\u0027Hanlon of Oxford Internet Institute,\nUniversity of Oxford (on the EPSRC Being There project)\n\nCloudKit\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to access the iCloud\nuser record of a previously signed in user\nDescription: A state inconsistency existed in CloudKit when signing\nout users. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\n\nCoreMedia Playback\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Memory corruption issues existed in CoreMedia Playback. \nThese were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5777 : Apple\nCVE-2015-5778 : Apple\n\nCoreText\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. 
\nCVE-ID\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreText\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\n\ncurl\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities in cURL and libcurl prior to\n7.38.0, one of which may allow remote attackers to bypass the Same\nOrigin Policy. \nDescription: Multiple vulnerabilities existed in cURL and libcurl\nprior to 7.38.0. These issues were addressed by updating cURL to\nversion 7.43.0. \nCVE-ID\nCVE-2014-3613\nCVE-2014-3620\nCVE-2014-3707\nCVE-2014-8150\nCVE-2014-8151\nCVE-2015-3143\nCVE-2015-3144\nCVE-2015-3145\nCVE-2015-3148\nCVE-2015-3153\n\nData Detectors Engine\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Processing a sequence of unicode characters can lead to an\nunexpected application termination or arbitrary code execution\nDescription: Memory corruption issues existed in processing of\nUnicode characters. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDate \u0026 Time pref pane\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Applications that rely on system time may have unexpected\nbehavior\nDescription: An authorization issue existed when modifying the\nsystem date and time preferences. This issue was addressed with\nadditional authorization checks. 
\nCVE-ID\nCVE-2015-3757 : Mark S C Smith\n\nDictionary Application\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: An attacker with a privileged network position may be able\nto intercept users\u0027 Dictionary app queries\nDescription: An issue existed in the Dictionary app, which did not\nproperly secure user communications. This issue was addressed by\nmoving Dictionary queries to HTTPS. \nCVE-ID\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\nTeam\n\nDiskImages\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted DMG file may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription: A memory corruption issue existed in parsing of\nmalformed DMG images. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\n\ndyld\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A path validation issue existed in dyld. This was\naddressed through improved environment sanitization. \nCVE-ID\nCVE-2015-3760 : beist of grayhash, Stefan Esser\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. 
\nCVE-ID\nCVE-2015-3804 : Apple\nCVE-2015-5775 : Apple\n\nFontParser\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\n\ngroff\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Multiple issues in pdfroff\nDescription: Multiple issues existed in pdfroff, the most serious of\nwhich may allow arbitrary filesystem modification. These issues were\naddressed by removing pdfroff. \nCVE-ID\nCVE-2009-5044\nCVE-2009-5078\n\nImageIO\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in the processing of\nTIFF images. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5758 : Apple\n\nImageIO\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription: An uninitialized memory access issue existed in\nImageIO\u0027s handling of PNG and TIFF images. Visiting a malicious\nwebsite may result in sending data from process memory to the\nwebsite. This issue is addressed through improved memory\ninitialization and additional validation of PNG and TIFF images. 
\nCVE-ID\nCVE-2015-5781 : Michal Zalewski\nCVE-2015-5782 : Michal Zalewski\n\nInstall Framework Legacy\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription: An issue existed in how Install.framework\u0027s \u0027runner\u0027\nbinary dropped privileges. This issue was addressed through improved\nprivilege management. \nCVE-ID\nCVE-2015-5784 : Ian Beer of Google Project Zero\n\nInstall Framework Legacy\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A race condition existed in\nInstall.framework\u0027s \u0027runner\u0027 binary that resulted in\nprivileges being incorrectly dropped. This issue was addressed\nthrough improved object locking. \nCVE-ID\nCVE-2015-5754 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: Memory corruption issues existed in IOFireWireFamily. \nThese issues were addressed through additional type input validation. \nCVE-ID\nCVE-2015-3769 : Ilja van Sprundel\nCVE-2015-3771 : Ilja van Sprundel\nCVE-2015-3772 : Ilja van Sprundel\n\nIOGraphics\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in IOGraphics. This\nissue was addressed through additional type input validation. \nCVE-ID\nCVE-2015-3770 : Ilja van Sprundel\nCVE-2015-5783 : Ilja van Sprundel\n\nIOHIDFamily\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. 
\nCVE-ID\nCVE-2015-5774 : TaiG Jailbreak Team\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An issue existed in the mach_port_space_info interface,\nwhich could have led to the disclosure of kernel memory layout. This\nwas addressed by disabling the mach_port_space_info interface. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2015-3768 : Ilja van Sprundel\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to cause a system denial of service\nDescription: A resource exhaustion issue existed in the fasttrap\ndriver. This was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to cause a system denial of service\nDescription: A validation issue existed in the mounting of HFS\nvolumes. This was addressed by adding additional checks. \nCVE-ID\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to execute unsigned code\nDescription: An issue existed that allowed unsigned code to be\nappended to signed code in a specially crafted executable file. This\nissue was addressed through improved code signature validation. \nCVE-ID\nCVE-2015-3806 : TaiG Jailbreak Team\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A specially crafted executable file could allow unsigned,\nmalicious code to execute\nDescription: An issue existed in the way multi-architecture\nexecutable files were evaluated that could have allowed unsigned code\nto be executed. This issue was addressed through improved validation\nof executable files. 
\nCVE-ID\nCVE-2015-3803 : TaiG Jailbreak Team\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute unsigned code\nDescription: A validation issue existed in the handling of Mach-O\nfiles. This was addressed by adding additional checks. \nCVE-ID\nCVE-2015-3802 : TaiG Jailbreak Team\nCVE-2015-3805 : TaiG Jailbreak Team\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted plist may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription: A memory corruption existed in processing of malformed\nplists. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\n(@jollyjinx) of Jinx Germany\n\nKernel\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A path validation issue existed. This was addressed\nthrough improved environment sanitization. \nThese were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3796 : Ian Beer of Google Project Zero\nCVE-2015-3797 : Ian Beer of Google Project Zero\nCVE-2015-3798 : Ian Beer of Google Project Zero\n\nLibinfo\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription: Memory corruption issues existed in handling AF_INET6\nsockets. These were addressed by improved memory handling. \nThis issue was addressed through improved lock state checking. 
\nCVE-ID\nCVE-2015-5757 : Lufeng Li of Qihoo 360\n\nlibxml2\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in libxml2 versions prior\nto 2.9.2, the most serious of which may allow a remote attacker to\ncause a denial of service\nDescription: Multiple vulnerabilities existed in libxml2 versions\nprior to 2.9.2. These were addressed by updating libxml2 to version\n2.9.2. \nCVE-ID\nCVE-2012-6685 : Felix Groebert of Google\nCVE-2014-0191 : Felix Groebert of Google\n\nlibxml2\nAvailable for: OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: A memory access issue existed in libxml2. This was\naddressed by improved memory handling\nCVE-ID\nCVE-2014-3660 : Felix Groebert of Google\n\nlibxml2\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription: A memory corruption issue existed in parsing of XML\nfiles. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3807 : Apple\n\nlibxpc\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription: A memory corruption issue existed in handling of\nmalformed XPC messages. This issue was improved through improved\nbounds checking. \nCVE-ID\nCVE-2015-3795 : Mathew Rowley\n\nmail_cmds\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: A validation issue existed in the mailx parsing of\nemail addresses. This was addressed by improved sanitization. 
\nCVE-ID\nCVE-2014-7844\n\nNotification Center OSX\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A malicious application may be able to access all\nnotifications previously displayed to users\nDescription: An issue existed in Notification Center, which did not\nproperly delete user notifications. This issue was addressed by\ncorrectly deleting notifications dismissed by users. \nCVE-ID\nCVE-2015-3764 : Jonathan Zdziarski\n\nntfs\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A local user may be able to execute arbitrary code with\nsystem privileges\nDescription: A memory corruption issue existed in NTFS. This issue\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nOpenSSH\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Remote attackers may be able to circumvent a time delay for\nfailed login attempts and conduct brute-force attacks\nDescription: An issue existed when processing keyboard-interactive\ndevices. This issue was addressed through improved authentication\nrequest validation. \nCVE-ID\nCVE-2015-5600\n\nOpenSSL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in OpenSSL versions prior\nto 0.9.8zg, the most serious of which may allow a remote attacker to\ncause a denial of service. \nDescription: Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2013-7422\n\nPostgreSQL\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: An attacker may be able to cause unexpected application\ntermination or gain access to data without proper authentication\nDescription: Multiple issues existed in PostgreSQL 9.2.4. 
These\nissues were addressed by updating PostgreSQL to 9.2.13. \nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\n\npython\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in Python 2.7.6, the most\nserious of which may lead to arbitrary code execution\nDescription: Multiple vulnerabilities existed in Python versions\nprior to 2.7.6. These were addressed by updating Python to version\n2.7.10. \nCVE-ID\nCVE-2013-7040\nCVE-2013-7338\nCVE-2014-1912\nCVE-2014-7185\nCVE-2014-9365\n\nQL Office\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted Office document may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing of Office\ndocuments. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5773 : Apple\n\nQL Office\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted XML file may lead to\ndisclosure of user information\nDescription: An external entity reference issue existed in XML file\nparsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \n\nQuartz Composer Framework\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted QuickTime file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: A memory corruption issue existed in parsing of\nQuickTime files. This issue was addressed through improved memory\nhandling. 
\nCVE-ID\nCVE-2015-5771 : Apple\n\nQuick Look\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Searching for a previously viewed website may launch the web\nbrowser and render that website\nDescription: An issue existed where QuickLook had the capability to\nexecute JavaScript. The issue was addressed by disallowing execution\nof JavaScript. \nCVE-ID\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\n\nQuickTime 7\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3772\nCVE-2015-3779\nCVE-2015-5753 : Apple\nCVE-2015-5779 : Apple\n\nQuickTime 7\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription: Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3765 : Joe Burnett of Audio Poison\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-5751 : WalkerFuz\n\nSceneKit\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription: A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. This issue was addressed through improved input\nvalidation. 
\nCVE-ID\nCVE-2015-5772 : Apple\n\nSceneKit\nAvailable for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact: A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in SceneKit. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\n\nSecurity\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A standard user may be able to gain access to admin\nprivileges without proper authentication\nDescription: An issue existed in handling of user authentication. \nThis issue was addressed through improved authentication checks. \nCVE-ID\nCVE-2015-3775 : [Eldon Ahrold]\n\nSMBClient\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue existed in the SMB client. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3773 : Ilja van Sprundel\n\nSpeech UI\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted unicode string with speech\nalerts enabled may lead to an unexpected application termination or\narbitrary code execution\nDescription: A memory corruption issue existed in handling of\nUnicode strings. This issue was addressed by improved memory\nhandling. \nCVE-ID\nCVE-2015-3794 : Adam Greenbaum of Refinitive\n\nsudo\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in sudo versions prior to\n1.7.10p9, the most serious of which may allow an attacker access to\narbitrary files\nDescription: Multiple vulnerabilities existed in sudo versions prior\nto 1.7.10p9. These were addressed by updating sudo to version\n1.7.10p9. 
\nCVE-ID\nCVE-2013-1775\nCVE-2013-1776\nCVE-2013-2776\nCVE-2013-2777\nCVE-2014-0106\nCVE-2014-9680\n\ntcpdump\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most\nserious of which may allow a remote attacker to cause a denial of\nservice. \nDescription: Multiple vulnerabilities existed in tcpdump versions\nprior to 4.7.3. These were addressed by updating tcpdump to version\n4.7.3. \nCVE-ID\nCVE-2014-8767\nCVE-2014-8769\nCVE-2014-9140\n\nText Formats\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription: An XML external entity reference issue existed with\nTextEdit parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\n\nudf\nAvailable for: OS X Yosemite v10.10 to v10.10.4\nImpact: Processing a maliciously crafted DMG file may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription: A memory corruption issue existed in parsing of\nmalformed DMG images. This issue was addressed through improved\nmemory handling. 
\nCVE-ID\nCVE-2015-3767 : beist of grayhash\n\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\nhttps://support.apple.com/en-us/HT205033\n\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\n\niQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4\nY2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6\n+PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR\n2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev\nQpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k\nfu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR\nA8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz\nxjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7\nAeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF\nsfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW\nc5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB\nmsu6gVP8uZhFYNb8byVJ\n=+0e/\n-----END PGP SIGNATURE-----\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201507-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Perl: Denial of Service\n Date: July 10, 2015\n Bugs: #216671\n ID: 201507-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in Perl allows a remote attacker to cause Denial of\nService. \n\nBackground\n==========\n\nPerl is a highly capable, feature-rich programming language. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/perl \u003c 5.20.1-r4 \u003e= 5.20.1-r4 \n\nDescription\n===========\n\nS_regmatch() function lacks proper checks before passing arguments to\natoi()\n\nImpact\n======\n\nA remote attacker could send a specially crafted input, possibly\nresulting in a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Perl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/perl-5.20.1-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-7422\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7422\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. 
Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2916-1\nMarch 02, 2016\n\nperl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nIt was discovered that Perl incorrectly handled certain regular expressions\nwith an invalid backreference. (CVE-2013-7422)\n\nMarkus Vervier discovered that Perl incorrectly handled nesting in the\nData::Dumper module. (CVE-2014-4330)\n\nStephane Chazelas discovered that Perl incorrectly handled duplicate\nenvironment variables. An attacker could possibly use this issue to bypass\nthe taint protection mechanism. (CVE-2016-2381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n perl 5.20.2-6ubuntu0.2\n\nUbuntu 14.04 LTS:\n perl 5.18.2-2ubuntu1.1\n\nUbuntu 12.04 LTS:\n perl 5.14.2-6ubuntu2.5\n\nIn general, a standard system update will make all the necessary changes. 
\n\nReferences:\n http://www.ubuntu.com/usn/usn-2916-1\n CVE-2013-7422, CVE-2014-4330, CVE-2016-2381\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/perl/5.20.2-6ubuntu0.2\n https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.1\n https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2013-7422" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "BID", "id": "75704" }, { "db": "VULHUB", "id": "VHN-67424" }, { "db": "PACKETSTORM", "id": "133079" }, { "db": "PACKETSTORM", "id": "132639" }, { "db": "PACKETSTORM", "id": "136050" } ], "trust": 2.25 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-67424", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67424" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-7422", "trust": 3.1 }, { "db": "BID", "id": "75704", "trust": 2.0 }, { "db": "JVN", "id": "JVNVU94440136", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2015-004258", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201507-675", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "132639", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "136050", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-67424", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133079", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67424" }, { "db": "BID", "id": "75704" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "PACKETSTORM", "id": "133079" }, { "db": "PACKETSTORM", "id": "132639" }, { "db": 
"PACKETSTORM", "id": "136050" }, { "db": "NVD", "id": "CVE-2013-7422" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "id": "VAR-201508-0153", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-67424" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:41:02.829000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Apple security updates", "trust": 0.8, "url": "https://support.apple.com/en-us/ht201222" }, { "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "title": "HT205031", "trust": 0.8, "url": "http://support.apple.com/en-us/ht205031" }, { "title": "HT205031", "trust": 0.8, "url": "http://support.apple.com/ja-jp/ht205031" }, { "title": "[perl #119505] Segfault from bad backreference", "trust": 0.8, "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004258" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-189", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-67424" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "NVD", "id": "CVE-2013-7422" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/75704" }, { "trust": 1.7, "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06" }, { "trust": 1.7, "url": "https://support.apple.com/kb/ht205031" }, { "trust": 1.2, "url": "https://security.gentoo.org/glsa/201507-11" }, { "trust": 1.2, "url": "http://www.ubuntu.com/usn/usn-2916-1" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7422" }, { "trust": 0.8, "url": "http://jvn.jp/vu/jvnvu94440136/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7422" }, { "trust": 0.3, "url": "www.perl.org" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7422" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1775" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3613" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7185" }, { "trust": 0.1, "url": "https://support.apple.com/en-us/ht205033" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8767" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5044" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2777" }, { "trust": 0.1, "url": "http://www.apple.com/support/downloads/" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2014-3581" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7844" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0106" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8769" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7338" }, { "trust": 0.1, "url": "https://www.safeye.org)" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3707" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0191" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5078" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7040" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6685" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8150" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8151" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1912" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7422" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.20.2-6ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.1" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330" } ], "sources": [ { "db": "VULHUB", "id": "VHN-67424" }, { "db": "BID", "id": "75704" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "PACKETSTORM", "id": "133079" }, { "db": "PACKETSTORM", "id": "132639" }, { "db": "PACKETSTORM", "id": "136050" }, { "db": "NVD", "id": "CVE-2013-7422" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-67424" }, { "db": "BID", "id": "75704" }, { "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "db": "PACKETSTORM", "id": "133079" }, { "db": "PACKETSTORM", "id": "132639" }, { "db": "PACKETSTORM", "id": "136050" }, { "db": "NVD", "id": "CVE-2013-7422" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-08-16T00:00:00", "db": "VULHUB", "id": "VHN-67424" }, { "date": "2015-01-29T00:00:00", "db": "BID", "id": "75704" }, { "date": "2015-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "date": "2015-08-13T22:15:27", "db": "PACKETSTORM", "id": "133079" }, { "date": "2015-07-10T15:43:30", "db": "PACKETSTORM", "id": "132639" }, { "date": "2016-03-03T00:58:09", "db": "PACKETSTORM", "id": "136050" }, { "date": "2015-08-16T23:59:00.097000", "db": "NVD", "id": "CVE-2013-7422" }, { "date": "2015-01-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "sources_update_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2016-12-22T00:00:00", "db": "VULHUB", "id": "VHN-67424" }, { "date": "2015-11-03T19:02:00", "db": "BID", "id": "75704" }, { "date": "2015-08-21T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-004258" }, { "date": "2016-12-22T02:59:04.577000", "db": "NVD", "id": "CVE-2013-7422" }, { "date": "2015-08-17T00:00:00", "db": "CNNVD", "id": "CNNVD-201507-675" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "132639" }, { "db": "CNNVD", "id": "CNNVD-201507-675" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple OS X Used in products such as Perl of regcomp.c Integer underflow vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-004258" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "digital error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201507-675" } ], "trust": 0.6 } }
var-202006-1806
Vulnerability from variot
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in Perl versions prior to 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code.
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in.
Bug fix:
-
RHACM 2.0.8 images (BZ #1915461)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.
Bugs fixed (https://bugzilla.redhat.com/):
1915461 - RHACM 2.0.8 images
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
-
Improved analytics collection to collect the playbook status for all hosts in a playbook run
-
Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of Django to address CVE-2021-3281.
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
- Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
- Fixed several issues related to how Tower rotates its log files.
- Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
- Fixed a bug which can cause unanticipated delays in certain playbook output.
- Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
- Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
- Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
- Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection
1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()
1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
- It includes built-in features to help in building a more successful API program, including access control, rate limits, payment gateway integration, and developer experience tools.
Bugs fixed (https://bugzilla.redhat.com/):
1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic
1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash
-
7.4) - noarch, x86_64
-
8) - aarch64, noarch, ppc64le, s390x, x86_64
-
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl security update
Advisory ID: RHSA-2021:0883-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0883
Issue date: 2021-03-16
CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723
====================================================================
1. Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source: perl-5.16.3-294.el7_6.1.src.rpm
noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm
x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: perl-5.16.3-294.el7_6.1.src.rpm
noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm
ppc64: perl-5.16.3-294.el7_6.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm perl-core-5.16.3-294.el7_6.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-devel-5.16.3-294.el7_6.1.ppc.rpm perl-devel-5.16.3-294.el7_6.1.ppc64.rpm perl-libs-5.16.3-294.el7_6.1.ppc.rpm perl-libs-5.16.3-294.el7_6.1.ppc64.rpm perl-macros-5.16.3-294.el7_6.1.ppc64.rpm
ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm
s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm
x86_64: perl-5.16.3-294.el7_6.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm perl-core-5.16.3-294.el7_6.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_6.1.i686.rpm perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-devel-5.16.3-294.el7_6.1.i686.rpm perl-devel-5.16.3-294.el7_6.1.x86_64.rpm perl-libs-5.16.3-294.el7_6.1.i686.rpm perl-libs-5.16.3-294.el7_6.1.x86_64.rpm perl-macros-5.16.3-294.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source: perl-5.16.3-294.el7_6.1.src.rpm
aarch64: perl-5.16.3-294.el7_6.1.aarch64.rpm perl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm perl-core-5.16.3-294.el7_6.1.aarch64.rpm perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-devel-5.16.3-294.el7_6.1.aarch64.rpm perl-libs-5.16.3-294.el7_6.1.aarch64.rpm perl-macros-5.16.3-294.el7_6.1.aarch64.rpm
noarch: perl-CPAN-1.9800-294.el7_6.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm perl-Package-Constants-0.02-294.el7_6.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm
ppc64le: perl-5.16.3-294.el7_6.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm perl-core-5.16.3-294.el7_6.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-devel-5.16.3-294.el7_6.1.ppc64le.rpm perl-libs-5.16.3-294.el7_6.1.ppc64le.rpm perl-macros-5.16.3-294.el7_6.1.ppc64le.rpm
s390x: perl-5.16.3-294.el7_6.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm perl-core-5.16.3-294.el7_6.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390.rpm perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-devel-5.16.3-294.el7_6.1.s390.rpm perl-devel-5.16.3-294.el7_6.1.s390x.rpm perl-libs-5.16.3-294.el7_6.1.s390.rpm perl-libs-5.16.3-294.el7_6.1.s390x.rpm perl-macros-5.16.3-294.el7_6.1.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64: perl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm perl-tests-5.16.3-294.el7_6.1.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm
x86_64: perl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm perl-tests-5.16.3-294.el7_6.1.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64: perl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm perl-tests-5.16.3-294.el7_6.1.aarch64.rpm
ppc64le: perl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm perl-tests-5.16.3-294.el7_6.1.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm perl-tests-5.16.3-294.el7_6.1.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4
Je72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD
mhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5
eEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs
5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg
pgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX
UOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw
j/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I
95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq
A1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ
0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ
rPmCgN8s+cI=aYxA
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1806", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.2.0" }, { "model": "configuration manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.8" }, { "model":
"communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.0.0" }, { "model": "communications eagle application processor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.30.3" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.2.1" }, { "model": "tekelec platform distribution", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.7.1" }, { "model": "communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.1.0" }, { "model": "tekelec platform distribution", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications lsms", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "13.4" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "communications eagle application processor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.4.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.3.1" }, { "model": "communications lsms", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": 
"communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" }, { "model": "perl", "scope": "eq", "trust": 0.8, "vendor": "the perl", "version": "5.30.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "NVD", "id": "CVE-2020-12723" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.30.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": 
[], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-12723" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162130" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161437" }, { "db": "PACKETSTORM", "id": "161843" } ], "trust": 0.7 }, "cve": "CVE-2020-12723", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, 
"data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 5.0, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-006179", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-165430", "impactScore": 2.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-12723", "impactScore": 2.9, "integrityImpact": "NONE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { 
"attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "JVNDB-2020-006179", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-12723", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-006179", "trust": 0.8, "value": "High" }, { "author": "VULHUB", "id": "VHN-165430", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-12723", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-165430" }, { "db": "VULMON", "id": "CVE-2020-12723" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "NVD", "id": "CVE-2020-12723" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. A security vulnerability exists in the regcomp.c file in versions prior to Perl 5.30.3. An attacker could exploit this vulnerability to cause a denial of service or potentially execute code. 
\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in. \n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):\n\n1915461 - RHACM 2.0.8 images\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. 
\n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. It includes built-in features to\nhelp in building a more successful API program, including access control,\nrate limits, payment gateway integration, and developer experience tools. Bugs fixed (https://bugzilla.redhat.com/):\n\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n\n5. 7.4) - noarch, x86_64\n\n3. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:0883-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0883\nIssue date: 2021-03-16\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7.6\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.6) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 7.6) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, noarch, ppc64le, s390x\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 
7.6):\n\nSource:\nperl-5.16.3-294.el7_6.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm\nperl-core-5.16.3-294.el7_6.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-devel-5.16.3-294.el7_6.1.i686.rpm\nperl-devel-5.16.3-294.el7_6.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.1.i686.rpm\nperl-libs-5.16.3-294.el7_6.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 
7.6):\n\nSource:\nperl-5.16.3-294.el7_6.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm\n\nppc64:\nperl-5.16.3-294.el7_6.1.ppc64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.ppc64.rpm\nperl-core-5.16.3-294.el7_6.1.ppc64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc64.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc64.rpm\nperl-macros-5.16.3-294.el7_6.1.ppc64.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.1.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm\nperl-core-5.16.3-294.el7_6.1.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-devel-5.16.3-294.el7_6.1.s390.rpm\nperl-devel-5.16.3-294.el7_6.1.s390x.rpm\nperl-libs-5.16.3-294.el7_6.1.s390.rpm\nperl-libs-5.16.3-294.el7_6.1.s390x.rpm\nperl-macros-5.16.3-294.el7_6.1.s390x.rpm\n\nx86_64:\nperl-5.16.3-294.el7_6.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.x86_64.rpm\nperl-core-5.16.3-294.el7_6.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-devel-5
.16.3-294.el7_6.1.i686.rpm\nperl-devel-5.16.3-294.el7_6.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_6.1.i686.rpm\nperl-libs-5.16.3-294.el7_6.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):\n\nSource:\nperl-5.16.3-294.el7_6.1.src.rpm\n\naarch64:\nperl-5.16.3-294.el7_6.1.aarch64.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.aarch64.rpm\nperl-core-5.16.3-294.el7_6.1.aarch64.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm\nperl-devel-5.16.3-294.el7_6.1.aarch64.rpm\nperl-libs-5.16.3-294.el7_6.1.aarch64.rpm\nperl-macros-5.16.3-294.el7_6.1.aarch64.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_6.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_6.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_6.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_6.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_6.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_6.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_6.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_6.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_6.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_6.1.noarch.rpm\n\nppc64le:\nperl-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.ppc64le.rpm\nperl-core-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-devel-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-libs-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-macros-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_6.1.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_6.1.s390x.rpm\nperl-core-5.16.3-294.el7_6.1.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390.rpm\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-devel-5.16.3-294.el7_6.1.s390.rpm\nperl-devel-5.16.3-294.el7_6.1.s390x.rpm\nperl-libs-5.16.3-294.el7_6.1.s390.rpm\nperl-libs-5.16.3-294.el7_6.1.s390x.rpm\nperl-macros-5.16.3-294.el7_6.1.s390x.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 
7.6):\n\nppc64:\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64.rpm\nperl-tests-5.16.3-294.el7_6.1.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-tests-5.16.3-294.el7_6.1.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_6.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_6.1.x86_64.rpm\n\nRed Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):\n\naarch64:\nperl-debuginfo-5.16.3-294.el7_6.1.aarch64.rpm\nperl-tests-5.16.3-294.el7_6.1.aarch64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_6.1.ppc64le.rpm\nperl-tests-5.16.3-294.el7_6.1.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_6.1.s390x.rpm\nperl-tests-5.16.3-294.el7_6.1.s390x.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYFDHuNzjgjWX9erEAQhhNA/9GQIs+FbNQuFMBT9C+/U2BUo/umK4rSk4\nJe72FDg879OTTVSXCEsyWVJc+rgh5tvEMaN/89LXmJdOFngSjN9FBK3LFOMONOgD\nmhr9atQAGvJyUv9pzuKLAxd4fPab365w5OeID7GFcpWKV+EoutUkr+imnkLk1jQ5\neEzk8RFk0s6ZaAg/bpxWDbeAM1rGk6XQ+eZ0mOZjqiP3qb8nCVhg6kWChcxQMsJs\n5MGzXQduqmFViwIgRJ1BiRTjg8iOLQ8kPwh8DRYKKArIkNoFQeMpNGQurYWZ32mg\npgLo2/anveDKgr5AhphpNC/UveyFlVc7FrvSyB4pzf11h2EJ1eXcts56fXgmOYRX\nUOSFI0tzFlM+TrGicY9QpVlWZaO6TFdOAog2eZjUB5iFrK+Zha//vsqXlsceFBjw\nj/DHO3oeV1RP353Ukg2fi4Jusrw94wfPJd++q5PiS/gI2q5MsvN4gBE7pR/jgI9I\n95p20J86uiuvYHp12nMvtOYXaTGB1VZOYjEeofRnWFMR1LstC7z1KKldUS6Mxrxq\nA1kGH2yGx1qwrVfS9D0NeqrTrO/Tht01K0O5S13iidHm+Jg/Gv7xqvU0Ph3KVFiZ\n0LTEUZ09XX5/pCzbawmb0Tyy86M97o7RIvJVdqWQXR1GNP6KrFYjDmMuAVNAc3iZ\nrPmCgN8s+cI=aYxA\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-12723" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "VULHUB", "id": "VHN-165430" }, { "db": "VULMON", "id": "CVE-2020-12723" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162130" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161437" }, { "db": "PACKETSTORM", "id": "161843" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-12723", "trust": 2.7 }, { "db": "JVNDB", "id": "JVNDB-2020-006179", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161437", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161728", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161726", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162130", 
"trust": 0.2 }, { "db": "PACKETSTORM", "id": "161656", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162245", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161843", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "162915", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159726", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "162021", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "159707", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161255", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-37943", "trust": 0.1 }, { "db": "CNNVD", "id": "CNNVD-202006-146", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-165430", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-12723", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-165430" }, { "db": "VULMON", "id": "CVE-2020-12723" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162130" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161437" }, { "db": "PACKETSTORM", "id": "161843" }, { "db": "NVD", "id": "CVE-2020-12723" } ] }, "id": "VAR-202006-1806", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-165430" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:51:08.679000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "study_chunk: avoid mutating regexp program within GOSUB", "trust": 0.8, "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "title": "perl5/pod/perl5303delta.pod", 
"trust": 0.8, "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "title": "Segfault in S_study_chunk (regcomp.c:4870) #16947", "trust": 0.8, "url": "https://github.com/perl/perl5/issues/16947" }, { "title": "study_chunk recursion #17743", "trust": 0.8, "url": "https://github.com/perl/perl5/issues/17743" }, { "title": "Comparing changes", "trust": 0.8, "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3" }, { "title": "editorGambasDelta", "trust": 0.2, "url": "https://github.com/d5n9smatrix/editorgambasdelta " }, { "title": "Red Hat: Moderate: perl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210557 - security advisory" }, { "title": "Red Hat: Moderate: perl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210343 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff" }, { "title": "Amazon Linux 2: ALAS2-2021-1610", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1610" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory" }, { "title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "visualGambasDelta", "trust": 0.1, "url": "https://github.com/d5n9smatrix/visualgambasdelta " }, { "title": "perl5283delta", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perl5283delta " }, { "title": "litecoin-automation", "trust": 0.1, "url": "https://github.com/gzukel/litecoin-automation " }, { "title": "", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perltoc " }, { "title": "snykout", "trust": 0.1, "url": "https://github.com/garethr/snykout " }, { "title": "myapp-container-jaxrs", "trust": 0.1, "url": "https://github.com/akiraabe/myapp-container-jaxrs " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-12723" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-120", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-165430" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "NVD", "id": "CVE-2020-12723" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723" }, { "trust": 1.1, "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "trust": 1.1, "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3" }, { "trust": 1.1, "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a" }, { "trust": 1.1, "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "trust": 1.1, "url": "https://security.gentoo.org/glsa/202006-03" }, { "trust": 1.1, "url": 
"https://github.com/perl/perl5/issues/16947" }, { "trust": 1.1, "url": "https://github.com/perl/perl5/issues/17743" }, { "trust": 1.1, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.1, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-12723" }, { "trust": 0.7, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.7, "url": "https://access.redhat.com/security/cve/cve-2020-12723" }, { "trust": 0.7, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10878" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2020-10543" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351" }, { "trust": 
0.2, "url": "https://access.redhat.com/security/cve/cve-2020-25705" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29661" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-14351" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20253" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178" }, { "trust": 0.2, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20180" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-35678" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-20178" }, { "trust": 0.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20230" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2021:0719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35513" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20230" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35513" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20372" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3281" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0780" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25211" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1129" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25645" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25656" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12401" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12402" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19126" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-28374" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-1971" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7595" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_3scale_api_management/2.10/html-single/installing_3scale/index" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20265" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17006" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0427" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12401" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17023" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19532" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17023" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-12749" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-6829" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8177" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12243" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20388" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19956" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11756" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-7053" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12243" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12400" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-11727" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-1971" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11719" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-5094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12403" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11727" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14040" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5188" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-15903" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9283" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19126" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-5094" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-15903" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0427" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19956" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-17498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-17498" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20907" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2018-20843" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-19532" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12402" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1266" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0557" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0883" } ], "sources": [ { "db": "VULHUB", "id": "VHN-165430" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162130" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161437" }, { "db": "PACKETSTORM", "id": "161843" }, { "db": "NVD", "id": "CVE-2020-12723" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-165430" }, { "db": "VULMON", "id": "CVE-2020-12723" }, { "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162130" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161437" }, { "db": "PACKETSTORM", "id": "161843" }, { "db": "NVD", "id": "CVE-2020-12723" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-05T00:00:00", "db": "VULHUB", "id": "VHN-165430" }, { "date": "2020-06-05T00:00:00", "db": "VULMON", "id": "CVE-2020-12723" }, { "date": "2020-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "date": "2021-03-04T15:33:19", "db": "PACKETSTORM", "id": "161656" }, { "date": "2021-03-09T16:23:27", "db": "PACKETSTORM", "id": "161726" }, { "date": 
"2021-03-09T16:26:05", "db": "PACKETSTORM", "id": "161728" }, { "date": "2021-04-08T14:00:00", "db": "PACKETSTORM", "id": "162130" }, { "date": "2021-04-20T16:17:10", "db": "PACKETSTORM", "id": "162245" }, { "date": "2021-02-16T15:46:29", "db": "PACKETSTORM", "id": "161437" }, { "date": "2021-03-17T14:36:02", "db": "PACKETSTORM", "id": "161843" }, { "date": "2020-06-05T15:15:10.800000", "db": "NVD", "id": "CVE-2020-12723" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-165430" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-12723" }, { "date": "2020-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006179" }, { "date": "2023-11-07T03:15:43.870000", "db": "NVD", "id": "CVE-2020-12723" } ] }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Classic buffer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006179" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "overflow", "sources": [ { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161843" } ], "trust": 0.2 } }
var-201806-0648
Vulnerability from variot
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. Perl contains a path traversal vulnerability. Information may be tampered with. Perl is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. Remote attackers may use a specially crafted request with directory-traversal sequences ('../') to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. (This generic summary describes file retrieval through a request; the CVE description above and the vendor advisories below describe the impact as overwriting files when a crafted archive is extracted.) Perl 5.26.2 and prior versions are vulnerable. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. A security vulnerability exists in the Archive::Tar module in Perl 5.26.2 and earlier. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl-Archive-Tar security update Advisory ID: RHSA-2019:2097-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2019:2097 Issue date: 2019-08-06 CVE Names: CVE-2018-12015 ==================================================================== 1. Summary:
An update for perl-Archive-Tar is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch Red Hat Enterprise Linux ComputeNode (v. 7) - noarch Red Hat Enterprise Linux Server (v. 7) - noarch Red Hat Enterprise Linux Workstation (v. 7) - noarch
Security Fix(es):
- perl: Directory traversal in Archive::Tar (CVE-2018-12015)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-Archive-Tar-1.92-3.el7.src.rpm
noarch: perl-Archive-Tar-1.92-3.el7.noarch.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-Archive-Tar-1.92-3.el7.src.rpm
noarch: perl-Archive-Tar-1.92-3.el7.noarch.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-Archive-Tar-1.92-3.el7.src.rpm
noarch: perl-Archive-Tar-1.92-3.el7.noarch.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-Archive-Tar-1.92-3.el7.src.rpm
noarch: perl-Archive-Tar-1.92-3.el7.noarch.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-12015 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXUl4sdzjgjWX9erEAQi6mw//djhWEf/xKLvAzFGIg6vOsD6SI4LHGRCu t5wotZBi4U38ktEQ8QKBOKqZ1/69uvs3Y4h59aCcv1WU4BqbuWuW9ZAZoNadRieR tKy5CSroeWRoExQQPLTEiCCWWPavAi6zgLLoLAXm+XzJgds0gKEN7X61VqpxDBhh wksoovuhk9oljC3GVnJg7L5Z8aGDVVRv7wp1fBrJ9g5F6Dj0oQmxuhp4i581+2uZ Xqc+5NDMw0hw0REMym1YAzqQdUkW7UUR8AocEt3+D4IHqbTlCr2e8pFEvkFy2Rnd OPZixM33aKQMLej4AoNVCNr0VREcZRK2Eh36GCdCF3N/m9DqsqJWpW1AlqJotIbY V8VEv1JYf5Na/+NhNMrpeIbsFEoIpNTO2FLVUMEOlJRqIEJsBndGNMgukV2sMqtS 1qpGSlUJ6FN8SE0h08bCAyokMAHtRtx4sVrtpdWgg8lw5sauCeefxwAkJESdxGj0 ZRleyq0oEkwxpX2PhpWNqMLTb8oNhEMJ2IgIAGkdya8flqkJq/EMRieqHfeuXwvE IKT/kfjqKRoF9GthCdtzb5/oRlCwyGbgZZyji47ToMrZIZgaz9ZBS7/L3BPqkr6S fu/W8z7j3Q2Y8/ICOfcdcI2xH98UUcr0WkRUUt0EyA9XeyZKrPzzwsOgyTZpITYA gSxbbqDK1oQ=+IUg -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ========================================================================== Ubuntu Security Notice USN-3684-2 June 13, 2018
perl vulnerability
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 12.04 ESM
Summary:
Perl could be made to overwrite arbitrary files if it received a specially crafted archive file.
Software Description: - perl: Practical Extraction and Report Language
Details:
USN-3684-1 fixed a vulnerability in perl. This update provides the corresponding update for Ubuntu 12.04 ESM.
Original advisory details:
It was discovered that Perl incorrectly handled certain archive files. An attacker could possibly use this to overwrite arbitrary files.
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.8
In general, a standard system update will make all the necessary changes. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-4226-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso June 12, 2018 https://www.debian.org/security/faq
Package : perl CVE ID : CVE-2018-12015 Debian Bug : 900834
Jakub Wilk discovered a directory traversal flaw in the Archive::Tar module, allowing an attacker to overwrite any file writable by the extracting user via a specially crafted tar archive.
For the oldstable distribution (jessie), this problem has been fixed in version 5.20.2-3+deb8u11.
For the stable distribution (stretch), this problem has been fixed in version 5.24.1-3+deb9u4.
We recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra are now available and address the following:
AppleGraphicsControl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team
Bom Available for: macOS Mojave 10.14.3 Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted string may lead to a denial of service Description: A validation issue was addressed with improved logic. CVE-2019-8516: SWIPS Team of Frifee Inc.
configd Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2019-8511: an anonymous researcher
CoreCrypto Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher
DiskArbitration Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password Description: A logic issue was addressed with improved state management. CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime Available for: macOS Mojave 10.14.3 Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic. CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted file might disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-6237: an anonymous researcher
Graphics Drivers Available for: macOS Mojave 10.14.3 Impact: An application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative
iAP Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8542: an anonymous researcher
IOGraphics Available for: macOS Mojave 10.14.3 Impact: A Mac may not lock when disconnecting from an external monitor Description: A lock handling issue was addressed with improved lock handling. CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily Available for: macOS Mojave 10.14.3 Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A memory corruption issue was addressed with improved state management. CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8504: an anonymous researcher
IOKit SCSI Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG
Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang
Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata
Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)
QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu of Fortinet's FortiGuard Labs
Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de)
Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)
Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest
Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative
XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.
Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.
Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201806-0648", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ubuntu linux", "scope": "eq", "trust": 1.6, "vendor": "canonical", "version": "16.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "17.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": 
"canonical", "version": "18.04" }, { "model": "snapdrive", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "data ontap edge", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "8.0" }, { "model": "archive\\:\\:tar", "scope": "lte", "trust": 1.0, "vendor": "archive tar", "version": "2.28" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.14.4" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "perl", "scope": "lte", "trust": 1.0, "vendor": "perl", "version": "5.26.2" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "archive::tar", "scope": null, "trust": 0.8, "vendor": "archive tar", "version": null }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "perl", "scope": "lte", "trust": 0.8, "vendor": "the perl", "version": "5.26.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.6.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.64" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.7.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.20.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", 
"version": "5.13.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.2.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.18" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.9.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.52" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.6.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.96" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.14.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.31" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.62" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.3.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.61" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.16" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.26.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.16.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.0" }, { "model": "perl", "scope": "eq", "trust": 
0.3, "vendor": "perl", "version": "2.7.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.01" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.66" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.1.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.20" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.6.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.1.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.21" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.6.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.73" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.15" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.47" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.17.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.43" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.18.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.2" }, { "model": "perl", 
"scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.22.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.93" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.26" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.16.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.22" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.89" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.71" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.18.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.48" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.67" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.6.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.90" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.4.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.15.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.4" }, { "model": "rc1", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": 
"5.10.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.92" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.2.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.85" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.49" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.88" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.80" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.68" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.63" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.5.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.83" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.86" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.87" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.9.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": 
"perl", "version": "0.65" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.13.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.84" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.24.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.11" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.91" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.99" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.20.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.24" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.10" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.97" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.6.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.9.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.2.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.44" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.1" }, { "model": "perl", "scope": "eq", 
"trust": 0.3, "vendor": "perl", "version": "0.81" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.98" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.7.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.94" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.16.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.70" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.9" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.17" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.10" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.10" }, { "model": "rc2", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.10.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.22" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.1.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.82" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.10.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.0.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.8.0" }, { "model": 
"perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.17.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.41" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.45" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.16" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.14" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.95" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.12.0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.11.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.5.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.42" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.00" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.1.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.20" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.72" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "1.46" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.6.4" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.69" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": 
"2.6.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.3" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "0.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.12.1" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.17.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.11.5" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.14.2" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.13.9" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.8.6" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.10.7" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "2.9.1" } ], "sources": [ { "db": "BID", "id": "104423" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "NVD", "id": "CVE-2018-12015" }, { "db": "CNNVD", "id": "CNNVD-201806-391" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "5.26.2", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:archive\\:\\:tar_project:archive\\:\\:tar:*:*:*:*:*:perl:*:*", "cpe_name": [], "versionEndIncluding": "2.28", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.14.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-12015" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple,Red Hat", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-391" } ], "trust": 0.6 }, "cve": "CVE-2018-12015", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" 
}, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": true, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-12015", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-121932", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", 
"author": "NVD", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "None", "baseScore": 7.5, "baseSeverity": "High", "confidentialityImpact": "None", "exploitabilityScore": null, "id": "CVE-2018-12015", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-12015", "trust": 1.8, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201806-391", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-121932", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-12015", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-121932" }, { "db": "VULMON", "id": "CVE-2018-12015" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "NVD", "id": "CVE-2018-12015" }, { "db": "CNNVD", "id": "CNNVD-201806-391" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name. Perl Contains a path traversal vulnerability.Information may be tampered with. 
Perl is prone to a directory-traversal vulnerability because the application fails to sufficiently sanitize user-supplied input. \nRemote attackers may use a specially crafted request with directory-traversal sequences (\u0027../\u0027) to retrieve arbitrary files from the affected system in the context of the application. Information obtained could aid in further attacks. \nPerl 5.26.2 and prior versions are vulnerable. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. A security vulnerability exists in the Archive::Tar module in Perl 5.26.2 and earlier. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl-Archive-Tar security update\nAdvisory ID: RHSA-2019:2097-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:2097\nIssue date: 2019-08-06\nCVE Names: CVE-2018-12015\n====================================================================\n1. Summary:\n\nAn update for perl-Archive-Tar is now available for Red Hat Enterprise\nLinux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch\nRed Hat Enterprise Linux Server (v. 7) - noarch\nRed Hat Enterprise Linux Workstation (v. 7) - noarch\n\n3. \n\nSecurity Fix(es):\n\n* perl: Directory traversal in Archive::Tar (CVE-2018-12015)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 7.7 Release Notes linked from the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-Archive-Tar-1.92-3.el7.src.rpm\n\nnoarch:\nperl-Archive-Tar-1.92-3.el7.noarch.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-Archive-Tar-1.92-3.el7.src.rpm\n\nnoarch:\nperl-Archive-Tar-1.92-3.el7.noarch.rpm\n\nRed Hat Enterprise Linux Server (v. 7):\n\nSource:\nperl-Archive-Tar-1.92-3.el7.src.rpm\n\nnoarch:\nperl-Archive-Tar-1.92-3.el7.noarch.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-Archive-Tar-1.92-3.el7.src.rpm\n\nnoarch:\nperl-Archive-Tar-1.92-3.el7.noarch.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-12015\nhttps://access.redhat.com/security/updates/classification/#moderate\nhttps://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXUl4sdzjgjWX9erEAQi6mw//djhWEf/xKLvAzFGIg6vOsD6SI4LHGRCu\nt5wotZBi4U38ktEQ8QKBOKqZ1/69uvs3Y4h59aCcv1WU4BqbuWuW9ZAZoNadRieR\ntKy5CSroeWRoExQQPLTEiCCWWPavAi6zgLLoLAXm+XzJgds0gKEN7X61VqpxDBhh\nwksoovuhk9oljC3GVnJg7L5Z8aGDVVRv7wp1fBrJ9g5F6Dj0oQmxuhp4i581+2uZ\nXqc+5NDMw0hw0REMym1YAzqQdUkW7UUR8AocEt3+D4IHqbTlCr2e8pFEvkFy2Rnd\nOPZixM33aKQMLej4AoNVCNr0VREcZRK2Eh36GCdCF3N/m9DqsqJWpW1AlqJotIbY\nV8VEv1JYf5Na/+NhNMrpeIbsFEoIpNTO2FLVUMEOlJRqIEJsBndGNMgukV2sMqtS\n1qpGSlUJ6FN8SE0h08bCAyokMAHtRtx4sVrtpdWgg8lw5sauCeefxwAkJESdxGj0\nZRleyq0oEkwxpX2PhpWNqMLTb8oNhEMJ2IgIAGkdya8flqkJq/EMRieqHfeuXwvE\nIKT/kfjqKRoF9GthCdtzb5/oRlCwyGbgZZyji47ToMrZIZgaz9ZBS7/L3BPqkr6S\nfu/W8z7j3Q2Y8/ICOfcdcI2xH98UUcr0WkRUUt0EyA9XeyZKrPzzwsOgyTZpITYA\ngSxbbqDK1oQ=+IUg\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. ==========================================================================\nUbuntu Security Notice USN-3684-2\nJune 13, 2018\n\nperl vulnerability\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 12.04 ESM\n\nSummary:\n\nPerl could be made to overwrite arbitrary files if it received\na specially crafted archive file. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nUSN-3684-1 fixed a vulnerability in perl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM. \n\nOriginal advisory details:\n\n It was discovered that Perl incorrectly handled certain archive files. \n An attacker could possibly use this to overwrite arbitrary files. \n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 12.04 ESM:\n perl 5.14.2-6ubuntu2.8\n\nIn general, a standard system update will make all the necessary\nchanges. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4226-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJune 12, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : perl\nCVE ID : CVE-2018-12015\nDebian Bug : 900834\n\nJakub Wilk discovered a directory traversal flaw in the Archive::Tar\nmodule, allowing an attacker to overwrite any file writable by the\nextracting user via a specially crafted tar archive. \n\nFor the oldstable distribution (jessie), this problem has been fixed\nin version 5.20.2-3+deb8u11. \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 5.24.1-3+deb9u4. \n\nWe recommend that you upgrade your perl packages. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update\n2019-002 High Sierra, Security Update 2019-002 Sierra\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra are now available and\naddresses the following:\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and\nshrek_wzw of Qihoo 360 Nirvan Team\n\nBom\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. 
\nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\nCFString\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \n\nconfigd\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8522: Colin Meginnis (@falc420)\n\nFaceTime\nAvailable for: macOS Mojave 10.14.3\nImpact: A user\u0027s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. The\nissue was resolved with improved logic. \nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\nFeedback Assistant\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. 
\nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\nFeedback Assistant\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\nfile\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin\n(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend\nMicro\u0027s Zero Day Initiative\n\niAP\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOGraphics\nAvailable for: macOS Mojave 10.14.3\nImpact: A Mac may not lock when disconnecting from an external\nmonitor\nDescription: A lock handling issue was addressed with improved lock\nhandling. \nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com\nParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT\n\nIOHIDFamily\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. 
\nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nIOKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8504: an anonymous researcher\n\nIOKit SCSI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8508: Dr. Silvio Cesare of InfoSect\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. 
\nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. \nCVE-2019-8546: ChiYuan Chang\n\nNotes\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-8537: Greg Walker (gregwalker.us)\n\nPackageKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\nPerl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: Multiple issues in Perl\nDescription: Multiple issues in Perl were addressed in this update. 
\nCVE-2018-12015: Jakub Wilk\nCVE-2018-18311: Jayakrishna Menon\nCVE-2018-18313: Eiichi Tsukata\n\nPower Management\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed with improved validation. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nQuartzCore\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8507: Kai Lu or Fortinet\u0027s FortiGuard Labs\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2019-8526: Linus Henze (pinauten.de)\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8520: Antonio Groza, The UK\u0027s National Cyber Security Centre\n(NCSC)\n\nSiri\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. This issue was addressed with improved validation. 
\nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTime Machine\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: This issue was addressed with improved checks. \nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\nTrueTypeScaler\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nXPC\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nBooks\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nMail\nWe would like to acknowledge Craig Young of Tripwire VERT and Hanno\nB\u00f6ck for their assistance. \n\nTime Machine\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear\nLabs for their assistance. 
\n\nInstallation note:\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9\nFvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT\nvyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D\nEqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33\niAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM\nucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB\nsSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p\n7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J\n+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7\nOLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0\nzBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS\n1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=\n=QV0f\n-----END PGP SIGNATURE-----\n", "sources": [ { "db": "NVD", "id": "CVE-2018-12015" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "BID", "id": "104423" }, { "db": "VULHUB", "id": "VHN-121932" }, { "db": "VULMON", "id": "CVE-2018-12015" }, { "db": "PACKETSTORM", "id": "153939" }, { "db": "PACKETSTORM", "id": "148182" }, { "db": "PACKETSTORM", "id": "148186" }, { "db": "PACKETSTORM", "id": "148159" }, { "db": "PACKETSTORM", "id": "152222" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-12015", "trust": 3.4 }, { "db": "BID", "id": "104423", "trust": 2.1 }, { "db": "SECTRACK", "id": "1041048", "trust": 1.8 }, { "db": "PACKETSTORM", "id": "153939", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "152222", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2018-006155", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201806-391", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.2986", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2019.0990", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "148186", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "148159", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "148182", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-121932", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-12015", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-121932" }, { "db": "VULMON", "id": "CVE-2018-12015" }, { "db": "BID", "id": "104423" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "PACKETSTORM", "id": "153939" }, { "db": "PACKETSTORM", "id": "148182" }, { "db": "PACKETSTORM", "id": "148186" }, { "db": "PACKETSTORM", "id": "148159" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "NVD", "id": "CVE-2018-12015" }, { "db": "CNNVD", "id": "CNNVD-201806-391" } ] }, "id": "VAR-201806-0648", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-121932" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:37:34.760000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "900834", "trust": 0.8, "url": 
"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "title": "DSA-4226", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4226" }, { "title": "Top Page", "trust": 0.8, "url": "https://www.perl.org/" }, { "title": "USN-3684-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3684-1/" }, { "title": "USN-3684-2", "trust": 0.8, "url": "https://usn.ubuntu.com/3684-2/" }, { "title": "Red Hat: Moderate: perl-Archive-Tar security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20192097 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: perl: CVE-2018-12015: Archive::Tar: directory traversal", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=ae01e1751a4de5ce20f0a869eb70bbc1" }, { "title": "Ubuntu Security Notice: perl vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3684-2" }, { "title": "Ubuntu Security Notice: perl vulnerability", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3684-1" }, { "title": "Debian Security Advisories: DSA-4226-1 perl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=162819cebf8a5021e191f0a64ae86db8" }, { "title": "Amazon Linux AMI: ALAS-2019-1287", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=alas-2019-1287" }, { "title": "Red Hat: CVE-2018-12015", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-12015" }, { "title": "Amazon Linux 2: ALAS2-2019-1330", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2019-1330" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2019", "trust": 0.1, "url": 
"https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=aea3fcafd82c179d3a5dfa015e920864" }, { "title": "traversal-archives", "trust": 0.1, "url": "https://github.com/jwilk/traversal-archives " }, { "title": "iot-cves", "trust": 0.1, "url": "https://github.com/inesmartins31/iot-cves " }, { "title": "Exp101tsArchiv30thers", "trust": 0.1, "url": "https://github.com/nu11secur1ty/exp101tsarchiv30thers " }, { "title": "awesome-cve-poc_qazbnm456", "trust": 0.1, "url": "https://github.com/xbl3/awesome-cve-poc_qazbnm456 " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-12015" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-59", "trust": 1.1 }, { "problemtype": "CWE-22", "trust": 0.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-121932" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "NVD", "id": "CVE-2018-12015" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "https://access.redhat.com/errata/rhsa-2019:2097" }, { "trust": 2.5, "url": "http://www.securityfocus.com/bid/104423" }, { "trust": 2.1, "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834" }, { "trust": 1.9, "url": "https://usn.ubuntu.com/3684-2/" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/mar/42" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20180927-0001/" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht209600" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4226" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2019/mar/49" 
}, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1041048" }, { "trust": 1.8, "url": "https://usn.ubuntu.com/3684-1/" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12015" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-12015" }, { "trust": 0.6, "url": "https://support.apple.com/en-au/ht209600" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2019.2986/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77806" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht209600" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152222/apple-security-advisory-2019-3-25-2.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/153939/red-hat-security-advisory-2019-2097-01.html" }, { "trust": 0.6, "url": "http://www.ibm.com/support/docview.wss?uid=ibm10870798" }, { "trust": 0.4, "url": "https://access.redhat.com/security/cve/cve-2018-12015" }, { "trust": 0.3, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588760" }, { "trust": 0.3, "url": "www.perl.org" }, { "trust": 0.2, "url": "https://usn.ubuntu.com/usn/usn-3684-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/59.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=58456" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.1, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": 
"https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/7.7_release_notes/index" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.0-8ubuntu1.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.6" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3684-2" }, { "trust": 0.1, "url": "https://security-tracker.debian.org/tracker/perl" }, { "trust": 0.1, "url": "https://www.debian.org/security/" }, { "trust": 0.1, "url": "https://www.debian.org/security/faq" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18313" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8521" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8504" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8530" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8529" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18311" } ], "sources": [ { "db": "VULHUB", "id": "VHN-121932" }, { "db": "VULMON", "id": "CVE-2018-12015" }, { "db": "BID", "id": "104423" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "PACKETSTORM", "id": "153939" }, { "db": "PACKETSTORM", "id": "148182" }, { "db": "PACKETSTORM", "id": "148186" }, { "db": "PACKETSTORM", "id": "148159" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "NVD", "id": "CVE-2018-12015" }, { "db": "CNNVD", "id": "CNNVD-201806-391" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-121932" }, { "db": "VULMON", "id": "CVE-2018-12015" }, { "db": "BID", "id": "104423" }, { "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "db": "PACKETSTORM", "id": "153939" }, { "db": "PACKETSTORM", "id": "148182" }, { "db": "PACKETSTORM", "id": "148186" }, { "db": "PACKETSTORM", "id": "148159" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "NVD", "id": "CVE-2018-12015" }, { "db": "CNNVD", 
"id": "CNNVD-201806-391" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-06-07T00:00:00", "db": "VULHUB", "id": "VHN-121932" }, { "date": "2018-06-07T00:00:00", "db": "VULMON", "id": "CVE-2018-12015" }, { "date": "2018-06-07T00:00:00", "db": "BID", "id": "104423" }, { "date": "2018-08-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "date": "2019-08-06T21:11:21", "db": "PACKETSTORM", "id": "153939" }, { "date": "2018-06-13T15:23:00", "db": "PACKETSTORM", "id": "148182" }, { "date": "2018-06-13T14:42:00", "db": "PACKETSTORM", "id": "148186" }, { "date": "2018-06-12T16:08:35", "db": "PACKETSTORM", "id": "148159" }, { "date": "2019-03-26T14:40:53", "db": "PACKETSTORM", "id": "152222" }, { "date": "2018-06-07T13:29:00.240000", "db": "NVD", "id": "CVE-2018-12015" }, { "date": "2018-06-08T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-391" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-08-24T00:00:00", "db": "VULHUB", "id": "VHN-121932" }, { "date": "2020-08-24T00:00:00", "db": "VULMON", "id": "CVE-2018-12015" }, { "date": "2018-06-07T00:00:00", "db": "BID", "id": "104423" }, { "date": "2018-08-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-006155" }, { "date": "2020-08-24T17:37:01.140000", "db": "NVD", "id": "CVE-2018-12015" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201806-391" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-391" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Path traversal vulnerability", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-006155" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "post link", "sources": [ { "db": "CNNVD", "id": "CNNVD-201806-391" } ], "trust": 0.6 } }
var-202006-1807
Vulnerability from variot
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl contains an integer overflow vulnerability. Information may be obtained or tampered with, and service operation may be interrupted (DoS). An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program's incorrect handling of the "PL_regkind[OP(n)] == NOTHING" case. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
===================================================================== Red Hat Security Advisory
Synopsis: Moderate: perl security update Advisory ID: RHSA-2021:1032-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:1032 Issue date: 2021-03-30 CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 =====================================================================
- Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.7 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server EUS (v. 7.7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
-
perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
-
perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
-
perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS 1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS 1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS 1930185 - perl FTBFS: ../cpan/Time-Local/t/Local.t test fails in year 2020 [rhel-7.7.z]
- Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.7):
Source: perl-5.16.3-294.el7_7.1.src.rpm
noarch: perl-CPAN-1.9800-294.el7_7.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm perl-Package-Constants-0.02-294.el7_7.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm
x86_64: perl-5.16.3-294.el7_7.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm perl-core-5.16.3-294.el7_7.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_7.1.i686.rpm perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-devel-5.16.3-294.el7_7.1.i686.rpm perl-devel-5.16.3-294.el7_7.1.x86_64.rpm perl-libs-5.16.3-294.el7_7.1.i686.rpm perl-libs-5.16.3-294.el7_7.1.x86_64.rpm perl-macros-5.16.3-294.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):
x86_64: perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-tests-5.16.3-294.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.7):
Source: perl-5.16.3-294.el7_7.1.src.rpm
noarch: perl-CPAN-1.9800-294.el7_7.1.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm perl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm perl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm perl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm perl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm perl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm perl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm perl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm perl-Package-Constants-0.02-294.el7_7.1.noarch.rpm perl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm
ppc64: perl-5.16.3-294.el7_7.1.ppc64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.ppc64.rpm perl-core-5.16.3-294.el7_7.1.ppc64.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm perl-devel-5.16.3-294.el7_7.1.ppc.rpm perl-devel-5.16.3-294.el7_7.1.ppc64.rpm perl-libs-5.16.3-294.el7_7.1.ppc.rpm perl-libs-5.16.3-294.el7_7.1.ppc64.rpm perl-macros-5.16.3-294.el7_7.1.ppc64.rpm
ppc64le: perl-5.16.3-294.el7_7.1.ppc64le.rpm perl-Time-Piece-1.20.1-294.el7_7.1.ppc64le.rpm perl-core-5.16.3-294.el7_7.1.ppc64le.rpm perl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm perl-devel-5.16.3-294.el7_7.1.ppc64le.rpm perl-libs-5.16.3-294.el7_7.1.ppc64le.rpm perl-macros-5.16.3-294.el7_7.1.ppc64le.rpm
s390x: perl-5.16.3-294.el7_7.1.s390x.rpm perl-Time-Piece-1.20.1-294.el7_7.1.s390x.rpm perl-core-5.16.3-294.el7_7.1.s390x.rpm perl-debuginfo-5.16.3-294.el7_7.1.s390.rpm perl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm perl-devel-5.16.3-294.el7_7.1.s390.rpm perl-devel-5.16.3-294.el7_7.1.s390x.rpm perl-libs-5.16.3-294.el7_7.1.s390.rpm perl-libs-5.16.3-294.el7_7.1.s390x.rpm perl-macros-5.16.3-294.el7_7.1.s390x.rpm
x86_64: perl-5.16.3-294.el7_7.1.x86_64.rpm perl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm perl-core-5.16.3-294.el7_7.1.x86_64.rpm perl-debuginfo-5.16.3-294.el7_7.1.i686.rpm perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-devel-5.16.3-294.el7_7.1.i686.rpm perl-devel-5.16.3-294.el7_7.1.x86_64.rpm perl-libs-5.16.3-294.el7_7.1.i686.rpm perl-libs-5.16.3-294.el7_7.1.x86_64.rpm perl-macros-5.16.3-294.el7_7.1.x86_64.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.7):
ppc64: perl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm perl-tests-5.16.3-294.el7_7.1.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm perl-tests-5.16.3-294.el7_7.1.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm perl-tests-5.16.3-294.el7_7.1.s390x.rpm
x86_64: perl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm perl-tests-5.16.3-294.el7_7.1.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543 https://access.redhat.com/security/cve/CVE-2020-10878 https://access.redhat.com/security/cve/CVE-2020-12723 https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYGLwtdzjgjWX9erEAQh/SA/9GENjf1AD4oPsRe6GzOIPR5HIuRSixHcc RUyMNqGsQ+piL824iq37aGqtl96Dvp67BpbeHEzAWTg3bPmrsaM1eXOR5awF9wuc f99kmE2UCTzdhtp4MDBrzRFidpi1FEwqNhOa9pSZH1My6+3PDhV4XtXysgQ7SDlw HJqf3mvfPrZdGcqNoOHWWjRyoH0OodJkPFn1ZoKAXn70HCVuTa0wcng18cWd8zs1 v210iFTCFWaDZpWc69HSV56+crM3alWfW8myDBdaVq9g4iWmK51pbA9Yp4AS4Hjy 09DzL8MJ3QEJjUYoo+siaaNz8bQGyCckhbrSDOgjUjU/QXxRouN5YyjIOnO8DOBc g7Qp2fceXmt8q7dn1YOgIFXGHbjwbMYiDhs39Fn6MuT3r1+ofbj/KMWa2icL5Nje ZetQ5eI+3A+irpef4wS0xMgEgr3PkGKmuxxauoq+y7BgbqD1EDs/ItHVzQKfPdPF m7uQ2mmqdO4rasKRGB0d4pO4yFCqyf6lBqxAEjexY0hyp1JPyJolGmWpYJP6LtJ4 7eKIPjnQgxCWOySa//2xxMSDVLj088zvLGf8eq2xmwV1+cyUXWQ9dkxdyImTO9IZ W6xporFLVbxX+fajaoZQQdHj7UxGpJY3rKofgFQQleRz22JSbvKhqydR36QFBRsR WUNYnqDSxIM= =ci9w -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce .
Bug fix:
-
RHACM 2.0.8 images (BZ #1915461)
-
Bugs fixed (https://bugzilla.redhat.com/):
1915461 - RHACM 2.0.8 images 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
- Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
Security fixes:
-
redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
-
console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
-
console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)
Bug fixes:
-
RHACM 2.2.4 images (BZ# 1957254)
-
Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
-
ACM Operator should support using the default route TLS (BZ# 1955270)
-
The scrolling bar for search filter does not work properly (BZ# 1956852)
-
Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
-
The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
-
Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
-
Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
-
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied. Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms 1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string 1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data 1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory 1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters 1954535 - Reinstall Submariner - No endpoints found on one cluster 1955270 - ACM Operator should support using the default route TLS 1956852 - The scrolling bar for search filter does not work properly 1957254 - RHACM 2.2.4 images 1959426 - Limits on Length of MultiClusterObservability Resource Name 1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. 1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service" 1966513 - Unable to make SSH connection to a Bitbucket server 1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. 1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
-
8.2) - aarch64, noarch, ppc64le, s390x, x86_64
Bug Fix(es):
-
[perl-net-ping] wrong return value on failing DNS name lookup (BZ#1973177)
-
Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled" 1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go 1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list 1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits 1959238 - CVO creating cloud-controller-manager too early causing upgrade failures 1960103 - SR-IOV obliviously reboot the node 1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated 1962302 - packageserver clusteroperator does not set reason or message for Available condition 1962312 - Deployment considered unhealthy despite being available and at latest generation 1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone 1963115 - Test verify /run filesystem contents failing
- Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
- Upgraded to a more recent version of nginx to address CVE-2019-20372.
Bug Fix(es):
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
-
Improved analytics collection to collect the playbook status for all hosts in a playbook run
-
Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page 1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection 1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
- ========================================================================== Ubuntu Security Notice USN-4602-1 October 26, 2020
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)
Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)
Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04 LTS: perl 5.30.0-9ubuntu0.2
Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.5
Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.9
In general, a standard system update will make all the necessary changes
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1807", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.2.0" }, { "model": "configuration manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.8" }, { "model": 
"communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.0.0" }, { "model": "communications eagle application processor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.30.3" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.2.1" }, { "model": "tekelec platform distribution", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.7.1" }, { "model": "communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.1.0" }, { "model": "tekelec platform distribution", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "oncommand workflow automation", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "communications lsms", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "13.4" }, { "model": "sd-wan aware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.7" }, { "model": "communications eagle application processor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.4.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.8" }, { "model": "sd-wan aware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": 
"8.2" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.3.1" }, { "model": "communications lsms", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.9" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "sd-wan aware", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "perl", "scope": "eq", "trust": 0.8, "vendor": "the perl", "version": "5.30.3" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "NVD", "id": "CVE-2020-10878" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { 
"CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.30.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10878" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", 
"sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162021" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163586" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "CNNVD", "id": "CNNVD-202006-148" } ], "trust": 1.2 }, "cve": "CVE-2020-10878", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "JVNDB-2020-006178", "impactScore": null, "integrityImpact": "Partial", 
"obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-163400", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "exploitabilityScore": 3.9, "impactScore": 4.7, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 8.6, "baseSeverity": "High", "confidentialityImpact": "Low", "exploitabilityScore": null, "id": "JVNDB-2020-006178", "impactScore": null, "integrityImpact": "Low", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10878", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "JVNDB-2020-006178", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-202006-148", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163400", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163400" }, { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "CNNVD", "id": "CNNVD-202006-148" }, { "db": "NVD", 
"id": "CVE-2020-10878" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. Perl Exists in an integer overflow vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be put into a state. An input validation error vulnerability exists in Perl versions prior to 5.30.3. The vulnerability is caused by the program\u0027s incorrect handling of the \\\"PL_regkind[OP(n)] == NOTHING\\\" case. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:1032-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:1032\nIssue date: 2021-03-30\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723 \n=====================================================================\n\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7.7\nExtended Update Support. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 7.7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7) - x86_64\nRed Hat Enterprise Linux Server EUS (v. 
7.7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional EUS (v. 7.7) - ppc64, ppc64le, s390x, x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1837975 - CVE-2020-10543 perl: heap-based buffer overflow in regular expression compiler leads to DoS\n1837988 - CVE-2020-10878 perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS\n1838000 - CVE-2020-12723 perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS\n1930185 - perl FTBFS: ../cpan/Time-Local/t/Local.t test fails in year 2020 [rhel-7.7.z]\n\n6. Package List:\n\nRed Hat Enterprise Linux ComputeNode EUS (v. 
7.7):\n\nSource:\nperl-5.16.3-294.el7_7.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_7.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_7.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm\n\nx86_64:\nperl-5.16.3-294.el7_7.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm\nperl-core-5.16.3-294.el7_7.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-devel-5.16.3-294.el7_7.1.i686.rpm\nperl-devel-5.16.3-294.el7_7.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_7.1.i686.rpm\nperl-libs-5.16.3-294.el7_7.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional EUS (v. 7.7):\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server EUS (v. 
7.7):\n\nSource:\nperl-5.16.3-294.el7_7.1.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-294.el7_7.1.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Embed-1.30-294.el7_7.1.noarch.rpm\nperl-ExtUtils-Install-1.58-294.el7_7.1.noarch.rpm\nperl-IO-Zlib-1.10-294.el7_7.1.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-294.el7_7.1.noarch.rpm\nperl-Module-CoreList-2.76.02-294.el7_7.1.noarch.rpm\nperl-Module-Loaded-0.08-294.el7_7.1.noarch.rpm\nperl-Object-Accessor-0.42-294.el7_7.1.noarch.rpm\nperl-Package-Constants-0.02-294.el7_7.1.noarch.rpm\nperl-Pod-Escapes-1.04-294.el7_7.1.noarch.rpm\n\nppc64:\nperl-5.16.3-294.el7_7.1.ppc64.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.ppc64.rpm\nperl-core-5.16.3-294.el7_7.1.ppc64.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.ppc.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm\nperl-devel-5.16.3-294.el7_7.1.ppc.rpm\nperl-devel-5.16.3-294.el7_7.1.ppc64.rpm\nperl-libs-5.16.3-294.el7_7.1.ppc.rpm\nperl-libs-5.16.3-294.el7_7.1.ppc64.rpm\nperl-macros-5.16.3-294.el7_7.1.ppc64.rpm\n\nppc64le:\nperl-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.ppc64le.rpm\nperl-core-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-devel-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-libs-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-macros-5.16.3-294.el7_7.1.ppc64le.rpm\n\ns390x:\nperl-5.16.3-294.el7_7.1.s390x.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.s390x.rpm\nperl-core-5.16.3-294.el7_7.1.s390x.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.s390.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm\nperl-devel-5.16.3-294.el7_7.1.s390.rpm\nperl-devel-5.16.3-294.el7_7.1.s390x.rpm\nperl-libs-5.16.3-294.el7_7.1.s390.rpm\nperl-libs-5.16.3-294.el7_7.1.s390x.rpm\nperl-macros-5.16.3-294.el7_7.1.s390x.rpm\n\nx86_64:\nperl-5.16.3-294.el7_7.1.x86_64.rpm\nperl-Time-Piece-1.20.1-294.el7_7.1.x86_64.rpm\nperl-core-5.16.3-294.el7_7.1.x86_64.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.i686.rpm\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-devel-5
.16.3-294.el7_7.1.i686.rpm\nperl-devel-5.16.3-294.el7_7.1.x86_64.rpm\nperl-libs-5.16.3-294.el7_7.1.i686.rpm\nperl-libs-5.16.3-294.el7_7.1.x86_64.rpm\nperl-macros-5.16.3-294.el7_7.1.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional EUS (v. 7.7):\n\nppc64:\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64.rpm\nperl-tests-5.16.3-294.el7_7.1.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-294.el7_7.1.ppc64le.rpm\nperl-tests-5.16.3-294.el7_7.1.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-294.el7_7.1.s390x.rpm\nperl-tests-5.16.3-294.el7_7.1.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-294.el7_7.1.x86_64.rpm\nperl-tests-5.16.3-294.el7_7.1.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. 
\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYGLwtdzjgjWX9erEAQh/SA/9GENjf1AD4oPsRe6GzOIPR5HIuRSixHcc\nRUyMNqGsQ+piL824iq37aGqtl96Dvp67BpbeHEzAWTg3bPmrsaM1eXOR5awF9wuc\nf99kmE2UCTzdhtp4MDBrzRFidpi1FEwqNhOa9pSZH1My6+3PDhV4XtXysgQ7SDlw\nHJqf3mvfPrZdGcqNoOHWWjRyoH0OodJkPFn1ZoKAXn70HCVuTa0wcng18cWd8zs1\nv210iFTCFWaDZpWc69HSV56+crM3alWfW8myDBdaVq9g4iWmK51pbA9Yp4AS4Hjy\n09DzL8MJ3QEJjUYoo+siaaNz8bQGyCckhbrSDOgjUjU/QXxRouN5YyjIOnO8DOBc\ng7Qp2fceXmt8q7dn1YOgIFXGHbjwbMYiDhs39Fn6MuT3r1+ofbj/KMWa2icL5Nje\nZetQ5eI+3A+irpef4wS0xMgEgr3PkGKmuxxauoq+y7BgbqD1EDs/ItHVzQKfPdPF\nm7uQ2mmqdO4rasKRGB0d4pO4yFCqyf6lBqxAEjexY0hyp1JPyJolGmWpYJP6LtJ4\n7eKIPjnQgxCWOySa//2xxMSDVLj088zvLGf8eq2xmwV1+cyUXWQ9dkxdyImTO9IZ\nW6xporFLVbxX+fajaoZQQdHj7UxGpJY3rKofgFQQleRz22JSbvKhqydR36QFBRsR\nWUNYnqDSxIM=\n=ci9w\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://listman.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)\n\n3. Bugs fixed (https://bugzilla.redhat.com/):\n\n1915461 - RHACM 2.0.8 images\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n\n5. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. 
See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. 8.2) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nBug Fix(es):\n\n* [perl-net-ping] wrong return value on failing DNS name lookup\n(BZ#1973177)\n\n4. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. 
\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. \nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. 
To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. 
Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. \n* Upgraded to a more recent version of nginx to address CVE-2019-20372. \n\nBug Fix(es):\n\n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Improved analytics collection to collect the playbook status for all\nhosts in a playbook run\n\n3. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1790277 - CVE-2019-20372 nginx: HTTP request smuggling in configurations with URL redirect used as error_page\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. ==========================================================================\nUbuntu Security Notice USN-4602-1\nOctober 26, 2020\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 20.04 LTS\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nManhND discovered that Perl incorrectly handled certain regular\nexpressions. In environments where untrusted regular expressions are\nevaluated, a remote attacker could possibly use this issue to cause Perl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. 
(CVE-2020-10543)\n\nHugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\nhandled certain regular expressions. In environments where untrusted\nregular expressions are evaluated, a remote attacker could possibly use\nthis issue to cause Perl to crash, resulting in a denial of service, or\npossibly execute arbitrary code. (CVE-2020-10878)\n\nSergey Aleynikov discovered that Perl incorrectly handled certain regular\nexpressions. In environments where untrusted regular expressions are\nevaluated, a remote attacker could possibly use this issue to cause Perl to\ncrash, resulting in a denial of service, or possibly execute arbitrary\ncode. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 20.04 LTS:\n perl 5.30.0-9ubuntu0.2\n\nUbuntu 18.04 LTS:\n perl 5.26.1-6ubuntu0.5\n\nUbuntu 16.04 LTS:\n perl 5.22.1-9ubuntu0.9\n\nIn general, a standard system update will make all the necessary changes", "sources": [ { "db": "NVD", "id": "CVE-2020-10878" }, { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "VULHUB", "id": "VHN-163400" }, { "db": "PACKETSTORM", "id": "162021" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163586" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "159707" } ], "trust": 2.34 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10878", "trust": 3.2 }, { "db": "PACKETSTORM", "id": "162021", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162877", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159707", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161656", "trust": 0.8 }, { "db": "PACKETSTORM", "id": 
"163188", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2020-006178", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "159726", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162650", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161728", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161255", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162837", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162245", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161843", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-148", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "163586", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021042131", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021042519", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072164", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052031", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092220", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2022012754", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072268", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "158058", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1338", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0791", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2604", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2781", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0925", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1725", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0371", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1096", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2022.0499", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2180", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0845", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1820", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1866", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2469", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "161726", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "161727", "trust": 0.1 }, { "db": "CNVD", "id": 
"CNVD-2020-53545", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163400", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163400" }, { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "PACKETSTORM", "id": "162021" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163586" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "159707" }, { "db": "CNNVD", "id": "CNNVD-202006-148" }, { "db": "NVD", "id": "CVE-2020-10878" } ] }, "id": "VAR-202006-1807", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163400" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:23:24.085000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "FEDORA-2020-fd73c08076", "trust": 0.8, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "title": "study_chunk: extract rck_elide_nothing", "trust": 0.8, "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "title": "regcomp: use long jumps if there is any possibility of overflow", "trust": 0.8, "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "title": "perl5/pod/perl5303delta.pod", "trust": 0.8, "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "title": "Comparing changes", "trust": 0.8, "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3" }, { "title": "Perl Enter the fix for the verification error vulnerability", "trust": 0.6, 
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122041" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "CNNVD", "id": "CNNVD-202006-148" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163400" }, { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "NVD", "id": "CVE-2020-10878" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 2.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202006-03" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": 
"https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-10878" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10878" }, { "trust": 0.6, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10543" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072164" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/perl-core-integer-overflow-via-regular-expression-malformed-bytecode-32366" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1866" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht211289" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1820" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072268" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1725" 
}, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0371/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2781" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2022012754" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1096" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042131" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2180" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2022.0499" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0925" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1338" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2469" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042519" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0845" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2604" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0791" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-12723" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.2, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-25037" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25037" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26116" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25038" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26137" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25042" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-12362" }, { "trust": 
0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25036" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27619" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-25215" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3177" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24331" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23336" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24332" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25039" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25040" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.2, 
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1032" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20230" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29661" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-14351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25705" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0719" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-29661" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35513" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14351" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20230" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25705" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15436" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28092" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21309" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27170" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2461" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2792" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14347" }, { "trust": 0.1, 
"url": "https://access.redhat.com/security/cve/cve-2020-36322" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9951" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25704" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36242" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18811" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14360" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12464" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-14314" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25659" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14356" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21643" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27786" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25643" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9983" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24394" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0431" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21644" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14361" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35508" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25212" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28974" }, { "trust": 0.1, "url": 
"https://access.redhat.com/errata/rhsa-2021:2121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14346" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2122" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21642" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0779" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-20372" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20253" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35678" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-20372" }, { 
"trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20178" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.30.0-9ubuntu0.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.9" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4602-1" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.5" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163400" }, { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "PACKETSTORM", "id": "162021" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163586" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "159707" }, { "db": "CNNVD", "id": "CNNVD-202006-148" }, { "db": "NVD", "id": "CVE-2020-10878" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163400" }, { "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "db": "PACKETSTORM", "id": "162021" }, { "db": "PACKETSTORM", "id": "161656" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "163586" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161726" }, { "db": "PACKETSTORM", "id": "159707" }, { "db": "CNNVD", "id": "CNNVD-202006-148" }, { "db": "NVD", "id": "CVE-2020-10878" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-05T00:00:00", "db": "VULHUB", "id": "VHN-163400" }, { "date": "2020-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "date": "2021-03-30T14:26:55", "db": "PACKETSTORM", "id": "162021" }, { "date": "2021-03-04T15:33:19", "db": "PACKETSTORM", "id": "161656" }, { "date": 
"2021-06-17T17:53:22", "db": "PACKETSTORM", "id": "163188" }, { "date": "2021-07-21T16:03:08", "db": "PACKETSTORM", "id": "163586" }, { "date": "2021-06-01T14:45:29", "db": "PACKETSTORM", "id": "162877" }, { "date": "2021-03-09T16:23:27", "db": "PACKETSTORM", "id": "161726" }, { "date": "2020-10-26T16:43:39", "db": "PACKETSTORM", "id": "159707" }, { "date": "2020-06-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-148" }, { "date": "2020-06-05T14:15:10.527000", "db": "NVD", "id": "CVE-2020-10878" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-163400" }, { "date": "2020-07-02T00:00:00", "db": "JVNDB", "id": "JVNDB-2020-006178" }, { "date": "2022-04-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-148" }, { "date": "2023-11-07T03:14:25.100000", "db": "NVD", "id": "CVE-2020-10878" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159707" }, { "db": "CNNVD", "id": "CNNVD-202006-148" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Integer overflow vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2020-006178" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-148" } ], "trust": 0.6 } }
var-201812-0273
Vulnerability from variot
Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl contains an out-of-bounds vulnerability. Information may be obtained and service operation may be interrupted (DoS). Perl is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. Attackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. Perl versions 5.22 through 5.26 are vulnerable. (Note: these sentences appear to be aggregated from several sources and state different impacts — an over-read that discloses memory versus a heap overflow allowing code execution; the per-CVE entries in the advisories below say which function and impact each identifier covers.) Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Important: rh-perl524-perl security update
Advisory ID: RHSA-2019:0010-01
Product: Red Hat Software Collections
Advisory URL: https://access.redhat.com/errata/RHSA-2019:0010
Issue date: 2019-01-02
CVE Names: CVE-2018-18311 CVE-2018-18312 CVE-2018-18313 CVE-2018-18314
====================================================================
1. Summary:
An update for rh-perl524-perl is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6) - noarch, x86_64
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
- perl: Integer overflow leading to buffer overflow in Perl_my_setenv() (CVE-2018-18311)
- perl: Heap-based buffer overflow in S_handle_regex_sets() (CVE-2018-18312)
- perl: Heap-based buffer overflow in S_regatom() (CVE-2018-18314)
- perl: Heap-based buffer read overflow in S_grok_bslash_N() (CVE-2018-18313)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Perl project for reporting these issues. Upstream acknowledges Jayakrishna Menon as the original reporter of CVE-2018-18311; Eiichi Tsukata as the original reporter of CVE-2018-18312 and CVE-2018-18313; and Jakub Wilk as the original reporter of CVE-2018-18314.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Bugs fixed (https://bugzilla.redhat.com/):
1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()
1646734 - CVE-2018-18312 perl: Heap-based buffer overflow in S_handle_regex_sets()
1646738 - CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N()
1646751 - CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()
- Package List:
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6):
Source: rh-perl524-perl-5.24.0-381.el6.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):
Source: rh-perl524-perl-5.24.0-381.el6.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm
Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):
Source: rh-perl524-perl-5.24.0-381.el7.src.rpm
noarch: rh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm
x86_64: rh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2018-18311
https://access.redhat.com/security/cve/CVE-2018-18312
https://access.redhat.com/security/cve/CVE-2018-18313
https://access.redhat.com/security/cve/CVE-2018-18314
https://access.redhat.com/security/updates/classification/#important
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBXCzjWdzjgjWX9erEAQgGbxAAjUats4SSpuFti8OldbpStTe7erlyVhih Gh5YONFxhYXSTeCv064Qbm+3m6gxbHBuQtsydMtXYGuMhA6ire2vQkJGT4/IAE1y 55aL3GLosOiqdu/yrydYnnSfxVBitY5dxN4sUBSeh54HOHzPx247zVMzMD2AwPQy DpdQ639qseh+Aq79z0ZOqofH9PHX3XDm2kypR7mhohxkORJ0rkoHAKgIfn5y7Y79 w8vTRn+S6C4goJUCMOUYU4eSuFx2PV6abOTvodGfPO2PPwivkVDIqr2UxMEZV4nA wh13K9FteozKWQApxVIkR3ipg55SHC9xHd1vpsnZRnGrnG4bO0EOTcsQ/9N2FztR soBINhCU0ycU9/Fal1Ul4COp6F2vpDsMveeMXcnmNX+f8H8UOtd8VoR5sJ6fhApC Lb+20d2AWuClUtqBghcRMTlXxYOu7KWYGVbamfDeIOH6p/p4XA8iDUeUFB5B4v4s eAnD0bqK1RRFpuOPO2Fi5F/LZ18olTA7TuTWDmBwj27nYxaLunZtctaLg6p/QgYS T5mPOFl6CGnafhZgy0iihwCCEjIcz34vPUe9kmK7ywBoJ3GIfNnGJmOs+FC7ntzQ L9YCjVEk5e8hTDGq6HohPF73gxAwdQVNYxzLoh7XmAvcBefL/eAK+YhDhCtc0ZUb ul+etyPMblM=Fj2Q -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce .
The following packages have been upgraded to a later upstream version: rh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130).
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201909-01
https://security.gentoo.org/
Severity: Normal
Title: Perl: Multiple vulnerabilities
Date: September 06, 2019
Bugs: #653432, #670190
ID: 201909-01
Synopsis
Multiple vulnerabilities have been found in Perl, the worst of which could result in the arbitrary execution of code.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 dev-lang/perl < 5.28.2 >= 5.28.2
Description
Multiple vulnerabilities have been discovered in Perl. Please review the CVE identifiers referenced below for details.
Impact
Please review the referenced CVE identifiers for details.
Workaround
There is no known workaround at this time.
Resolution
All Perl users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-lang/perl-5.28.2"
References
[ 1 ] CVE-2018-18311 https://nvd.nist.gov/vuln/detail/CVE-2018-18311
[ 2 ] CVE-2018-18312 https://nvd.nist.gov/vuln/detail/CVE-2018-18312
[ 3 ] CVE-2018-18313 https://nvd.nist.gov/vuln/detail/CVE-2018-18313
[ 4 ] CVE-2018-18314 https://nvd.nist.gov/vuln/detail/CVE-2018-18314
[ 5 ] CVE-2018-6797 https://nvd.nist.gov/vuln/detail/CVE-2018-6797
[ 6 ] CVE-2018-6798 https://nvd.nist.gov/vuln/detail/CVE-2018-6798
[ 7 ] CVE-2018-6913 https://nvd.nist.gov/vuln/detail/CVE-2018-6913
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201909-01
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2019 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, and Security Update 2019-002 Sierra are now available and address the following:
AppleGraphicsControl
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved size validation.
CVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and shrek_wzw of Qihoo 360 Nirvan Team
Bom
Available for: macOS Mojave 10.14.3
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file metadata.
CVE-2019-6239: Ian Moorhouse and Michael Trimm
CFString
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted string may lead to a denial of service
Description: A validation issue was addressed with improved logic.
CVE-2019-8516: SWIPS Team of Frifee Inc.
configd
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8552: Mohamed Ghannam (@_simo36)
Contacts
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2019-8511: an anonymous researcher
CoreCrypto
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher
DiskArbitration
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An encrypted volume may be unmounted and remounted by a different user without prompting for the password
Description: A logic issue was addressed with improved state management.
CVE-2019-8522: Colin Meginnis (@falc420)
FaceTime
Available for: macOS Mojave 10.14.3
Impact: A user's video may not be paused in a FaceTime call if they exit the FaceTime app while the call is ringing
Description: An issue existed in the pausing of FaceTime video. The issue was resolved with improved logic.
CVE-2019-8550: Lauren Guzniczak of Keystone Academy
Feedback Assistant
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional validation.
CVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs
Feedback Assistant
Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A malicious application may be able to overwrite arbitrary files
Description: This issue was addressed with improved checks.
CVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs
file
Available for: macOS Mojave 10.14.3
Impact: Processing a maliciously crafted file might disclose user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-6237: an anonymous researcher
Graphics Drivers
Available for: macOS Mojave 10.14.3
Impact: An application may be able to read restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin (@panicaII) and Junzhi Lu of Trend Micro Research working with Trend Micro's Zero Day Initiative
iAP
Available for: macOS Mojave 10.14.3
Impact: A malicious application may be able to elevate privileges
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2019-8542: an anonymous researcher
IOGraphics
Available for: macOS Mojave 10.14.3
Impact: A Mac may not lock when disconnecting from an external monitor
Description: A lock handling issue was addressed with improved lock handling.
CVE-2019-8533: an anonymous researcher, James Eagan of Télécom ParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT
IOHIDFamily
Available for: macOS Mojave 10.14.3
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A memory corruption issue was addressed with improved state management.
CVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team
IOKit
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: A local user may be able to read kernel memory
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2019-8504: an anonymous researcher
IOKit SCSI
Available for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A buffer overflow was addressed with improved size validation. CVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2019-8508: Dr. Silvio Cesare of InfoSect
Kernel Available for: macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A logic issue was addressed with improved state management. CVE-2019-8514: Samuel Groß of Google Project Zero
Kernel Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: A memory initialization issue was addressed with improved memory handling. CVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team
Kernel Available for: macOS Mojave 10.14.3 Impact: A local user may be able to read kernel memory Description: A memory corruption issue was addressed with improved memory handling. CVE-2019-7293: Ned Williamson of Google
Kernel Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to determine kernel memory layout Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. CVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan) CVE-2019-8510: Stefan Esser of Antid0te UG
Messages Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view sensitive user information Description: An access issue was addressed with additional sandbox restrictions. CVE-2019-8546: ChiYuan Chang
Notes Available for: macOS Mojave 10.14.3 Impact: A local user may be able to view a user's locked notes Description: An access issue was addressed with improved memory management. CVE-2019-8537: Greg Walker (gregwalker.us)
PackageKit Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved validation. CVE-2019-8561: Jaron Bradley of Crowdstrike
Perl Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: Multiple issues in Perl Description: Multiple issues in Perl were addressed in this update. CVE-2018-12015: Jakub Wilk CVE-2018-18311: Jayakrishna Menon CVE-2018-18313: Eiichi Tsukata
Power Management Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: Multiple input validation issues existed in MIG generated code. These issues were addressed with improved validation. CVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure (ssd-disclosure.com)
QuartzCore Available for: macOS Mojave 10.14.3 Impact: Processing malicious data may lead to unexpected application termination Description: Multiple memory corruption issues were addressed with improved input validation. CVE-2019-8507: Kai Lu of Fortinet's FortiGuard Labs
Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: An application may be able to gain elevated privileges Description: A use after free issue was addressed with improved memory management. CVE-2019-8526: Linus Henze (pinauten.de)
Security Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to read restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8520: Antonio Groza, The UK's National Cyber Security Centre (NCSC)
Siri Available for: macOS Mojave 10.14.3 Impact: A malicious application may be able to initiate a Dictation request without user authorization Description: An API issue existed in the handling of dictation requests. This issue was addressed with improved validation. CVE-2019-8502: Luke Deshotels of North Carolina State University, Jordan Beichler of North Carolina State University, William Enck of North Carolina State University, Costin Carabaș of University POLITEHNICA of Bucharest, and Răzvan Deaconescu of University POLITEHNICA of Bucharest
Time Machine Available for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS Mojave 10.14.3 Impact: A local user may be able to execute arbitrary shell commands Description: This issue was addressed with improved checks. CVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs
TrueTypeScaler Available for: macOS Mojave 10.14.3 Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero Day Initiative
XPC Available for: macOS Sierra 10.12.6, macOS Mojave 10.14.3 Impact: A malicious application may be able to overwrite arbitrary files Description: This issue was addressed with improved checks. CVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs
Additional recognition
Accounts We would like to acknowledge Milan Stute of Secure Mobile Networking Lab at Technische Universität Darmstadt for their assistance.
Books We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) for their assistance.
Kernel We would like to acknowledge Brandon Azad of Google Project Zero for their assistance.
Mail We would like to acknowledge Craig Young of Tripwire VERT and Hanno Böck for their assistance.
Time Machine We would like to acknowledge CodeColorist of Ant-Financial LightYear Labs for their assistance.
Installation note:
macOS Mojave 10.14.4, Security Update 2019-002 High Sierra, Security Update 2019-002 Sierra may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt c2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9 FvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT vyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D Eqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33 iAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM ucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB sSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p 7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J +9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7 OLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0 zBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS 1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk= =QV0f -----END PGP SIGNATURE----- . ========================================================================== Ubuntu Security Notice USN-3834-1 December 03, 2018
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
Jayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)
Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18312)
Eiichi Tsukata discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. (CVE-2018-18313)
Jakub Wilk discovered that Perl incorrectly handled certain regular expressions. An attacker could use this issue to cause Perl to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 18.10: perl 5.26.2-7ubuntu0.1
Ubuntu 18.04 LTS: perl 5.26.1-6ubuntu0.3
Ubuntu 16.04 LTS: perl 5.22.1-9ubuntu0.6
Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.7
In general, a standard system update will make all the necessary changes. This update provides the corresponding update for Ubuntu 12.04 ESM.
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201812-0273", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.6" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.04" }, { "model": "e-series santricity os controller", "scope": "lte", 
"trust": 1.0, "vendor": "netapp", "version": "11.40" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.5" }, { "model": "snapcenter", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "snapdrive", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.0" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "7.4" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "9.0" }, { "model": "e-series santricity os controller", "scope": "gte", "trust": 1.0, "vendor": "netapp", "version": "11.0" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.26.3" }, { "model": "mac os x", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "10.14.4" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "16.04" }, { "model": "enterprise linux", "scope": "eq", "trust": 1.0, "vendor": "redhat", "version": "6.0" }, { "model": "snap creator framework", "scope": "eq", "trust": 1.0, "vendor": "netapp", "version": null }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "18.10" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": null, "trust": 0.8, "vendor": "debian", "version": null }, { "model": "perl", "scope": "lt", "trust": 0.8, "vendor": "the perl", "version": "5.26.3" }, { "model": "perl", "scope": "eq", "trust": 0.6, "vendor": "perl", "version": "5.12.1" }, { "model": "perl", "scope": "eq", "trust": 0.6, "vendor": "perl", "version": "5.12.2" }, { 
"model": "perl", "scope": "eq", "trust": 0.6, "vendor": "perl", "version": "5.12.0" }, { "model": "software collections for rhel", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "0" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.26" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.24" }, { "model": "perl", "scope": "eq", "trust": 0.3, "vendor": "perl", "version": "5.22" }, { "model": "perl", "scope": "ne", "trust": 0.3, "vendor": "perl", "version": "5.28.1" }, { "model": "perl", "scope": "ne", "trust": 0.3, "vendor": "perl", "version": "5.26.3" } ], "sources": [ { "db": "BID", "id": "106072" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "CNNVD", "id": "CNNVD-201811-926" }, { "db": "NVD", "id": "CVE-2018-18313" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "5.26.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", 
"cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "11.40", "versionStartIncluding": "11.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.14.4", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2018-18313" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple,Gentoo", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-926" } ], "trust": 0.6 }, "cve": "CVE-2018-18313", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "NONE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 6.4, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2018-18313", "impactScore": null, "integrityImpact": "None", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.9, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-128860", "impactScore": 4.9, "integrityImpact": "NONE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", 
"baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.2, "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.1, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2018-18313", "impactScore": null, "integrityImpact": "None", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2018-18313", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-201811-926", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-128860", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2018-18313", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-128860" }, { "db": "VULMON", "id": "CVE-2018-18313" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "CNNVD", "id": "CNNVD-201811-926" }, { "db": "NVD", "id": "CVE-2018-18313" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory. Perl contains an out-of-bounds vulnerability. Information may be obtained, and a denial-of-service (DoS) condition may result. 
Perl is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. \nAttackers can exploit these issues to execute arbitrary code on the affected application. Failed attempts will likely cause a denial-of-service condition. \nPerl versions 5.22 through 5.26 are vulnerable. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Important: rh-perl524-perl security update\nAdvisory ID: RHSA-2019:0010-01\nProduct: Red Hat Software Collections\nAdvisory URL: https://access.redhat.com/errata/RHSA-2019:0010\nIssue date: 2019-01-02\nCVE Names: CVE-2018-18311 CVE-2018-18312 CVE-2018-18313\n CVE-2018-18314\n====================================================================\n1. Summary:\n\nAn update for rh-perl524-perl is now available for Red Hat Software\nCollections. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 
6) - noarch, x86_64\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. \n\nSecurity Fix(es):\n\n* perl: Integer overflow leading to buffer overflow in Perl_my_setenv()\n(CVE-2018-18311)\n\n* perl: Heap-based buffer overflow in S_handle_regex_sets()\n(CVE-2018-18312)\n\n* perl: Heap-based buffer overflow in S_regatom() (CVE-2018-18314)\n\n* perl: Heap-based buffer read overflow in S_grok_bslash_N()\n(CVE-2018-18313)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. \n\nRed Hat would like to thank the Perl project for reporting these issues. \nUpstream acknowledges Jayakrishna Menon as the original reporter of\nCVE-2018-18311; Eiichi Tsukata as the original reporter of CVE-2018-18312\nand CVE-2018-18313; and Jakub Wilk as the original reporter of\nCVE-2018-18314. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1646730 - CVE-2018-18311 perl: Integer overflow leading to buffer overflow in Perl_my_setenv()\n1646734 - CVE-2018-18312 perl: Heap-based buffer overflow in S_handle_regex_sets()\n1646738 - CVE-2018-18313 perl: Heap-based buffer read overflow in S_grok_bslash_N()\n1646751 - CVE-2018-18314 perl: Heap-based buffer overflow in S_regatom()\n\n6. Package List:\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 
6):\n\nSource:\nrh-perl524-perl-5.24.0-381.el6.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6):\n\nSource:\nrh-perl524-perl-5.24.0-381.el6.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el6.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el6.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server (v. 7):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.6):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nRed Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nrh-perl524-perl-5.24.0-381.el7.src.rpm\n\nnoarch:\nrh-perl524-perl-Locale-Maketext-Simple-0.21-381.el7.noarch.rpm\n\nx86_64:\nrh-perl524-perl-tests-5.24.0-381.el7.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2018-18311\nhttps://access.redhat.com/security/cve/CVE-2018-18312\nhttps://access.redhat.com/security/cve/CVE-2018-18313\nhttps://access.redhat.com/security/cve/CVE-2018-18314\nhttps://access.redhat.com/security/updates/classification/#important\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBXCzjWdzjgjWX9erEAQgGbxAAjUats4SSpuFti8OldbpStTe7erlyVhih\nGh5YONFxhYXSTeCv064Qbm+3m6gxbHBuQtsydMtXYGuMhA6ire2vQkJGT4/IAE1y\n55aL3GLosOiqdu/yrydYnnSfxVBitY5dxN4sUBSeh54HOHzPx247zVMzMD2AwPQy\nDpdQ639qseh+Aq79z0ZOqofH9PHX3XDm2kypR7mhohxkORJ0rkoHAKgIfn5y7Y79\nw8vTRn+S6C4goJUCMOUYU4eSuFx2PV6abOTvodGfPO2PPwivkVDIqr2UxMEZV4nA\nwh13K9FteozKWQApxVIkR3ipg55SHC9xHd1vpsnZRnGrnG4bO0EOTcsQ/9N2FztR\nsoBINhCU0ycU9/Fal1Ul4COp6F2vpDsMveeMXcnmNX+f8H8UOtd8VoR5sJ6fhApC\nLb+20d2AWuClUtqBghcRMTlXxYOu7KWYGVbamfDeIOH6p/p4XA8iDUeUFB5B4v4s\neAnD0bqK1RRFpuOPO2Fi5F/LZ18olTA7TuTWDmBwj27nYxaLunZtctaLg6p/QgYS\nT5mPOFl6CGnafhZgy0iihwCCEjIcz34vPUe9kmK7ywBoJ3GIfNnGJmOs+FC7ntzQ\nL9YCjVEk5e8hTDGq6HohPF73gxAwdQVNYxzLoh7XmAvcBefL/eAK+YhDhCtc0ZUb\nul+etyPMblM=Fj2Q\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. \n\nThe following packages have been upgraded to a later upstream version:\nrh-perl526-perl (5.26.3), rh-perl526-perl-Module-CoreList (5.20181130). 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201909-01\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Perl: Multiple vulnerabilities\n Date: September 06, 2019\n Bugs: #653432, #670190\n ID: 201909-01\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Perl, the worst of which\ncould result in the arbitrary execution of code. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 dev-lang/perl \u003c 5.28.2 \u003e= 5.28.2\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Perl. Please review\nthe CVE identifiers referenced below for details. \n\nImpact\n======\n\nPlease review the referenced CVE identifiers for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Perl users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=dev-lang/perl-5.28.2\"\n\nReferences\n==========\n\n[ 1 ] CVE-2018-18311\n https://nvd.nist.gov/vuln/detail/CVE-2018-18311\n[ 2 ] CVE-2018-18312\n https://nvd.nist.gov/vuln/detail/CVE-2018-18312\n[ 3 ] CVE-2018-18313\n https://nvd.nist.gov/vuln/detail/CVE-2018-18313\n[ 4 ] CVE-2018-18314\n https://nvd.nist.gov/vuln/detail/CVE-2018-18314\n[ 5 ] CVE-2018-6797\n https://nvd.nist.gov/vuln/detail/CVE-2018-6797\n[ 6 ] CVE-2018-6798\n https://nvd.nist.gov/vuln/detail/CVE-2018-6798\n[ 7 ] CVE-2018-6913\n https://nvd.nist.gov/vuln/detail/CVE-2018-6913\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201909-01\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2019 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2019-3-25-2 macOS Mojave 10.14.4, Security Update\n2019-002 High Sierra, Security Update 2019-002 Sierra\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra are now available and\naddresses the following:\n\nAppleGraphicsControl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved size\nvalidation. \nCVE-2019-8555: Zhiyi Zhang of 360 ESG Codesafe Team, Zhuo Liang and\nshrek_wzw of Qihoo 360 Nirvan Team\n\nBom\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: This issue was addressed with improved handling of file\nmetadata. \nCVE-2019-6239: Ian Moorhouse and Michael Trimm\n\nCFString\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted string may lead to a denial\nof service\nDescription: A validation issue was addressed with improved logic. \nCVE-2019-8516: SWIPS Team of Frifee Inc. \n\nconfigd\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8552: Mohamed Ghannam (@_simo36)\n\nContacts\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2019-8511: an anonymous researcher\n\nCoreCrypto\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. 
\nCVE-2019-8542: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An encrypted volume may be unmounted and remounted by a\ndifferent user without prompting for the password\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8522: Colin Meginnis (@falc420)\n\nFaceTime\nAvailable for: macOS Mojave 10.14.3\nImpact: A user\u0027s video may not be paused in a FaceTime call if they\nexit the FaceTime app while the call is ringing\nDescription: An issue existed in the pausing of FaceTime video. The\nissue was resolved with improved logic. \nCVE-2019-8550: Lauren Guzniczak of Keystone Academy\n\nFeedback Assistant\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2019-8565: CodeColorist of Ant-Financial LightYear Labs\n\nFeedback Assistant\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. \nCVE-2019-8521: CodeColorist of Ant-Financial LightYear Labs\n\nfile\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted file might disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-6237: an anonymous researcher\n\nGraphics Drivers\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. 
\nCVE-2019-8519: Aleksandr Tarasikov (@astarasikov), Juwei Lin\n(@panicaII) and Junzhi Lu of Trend Micro Research working with Trend\nMicro\u0027s Zero Day Initiative\n\niAP\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8542: an anonymous researcher\n\nIOGraphics\nAvailable for: macOS Mojave 10.14.3\nImpact: A Mac may not lock when disconnecting from an external\nmonitor\nDescription: A lock handling issue was addressed with improved lock\nhandling. \nCVE-2019-8533: an anonymous researcher, James Eagan of T\u00e9l\u00e9com\nParisTech, R. Scott Kemp of MIT, Romke van Dijk of Z-CERT\n\nIOHIDFamily\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2019-8545: Adam Donenfeld (@doadam) of the Zimperium zLabs Team\n\nIOKit\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8504: an anonymous researcher\n\nIOKit SCSI\nAvailable for: macOS High Sierra 10.13.6, macOS Mojave 10.14.3\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\ninput validation. \nCVE-2019-8529: Juwei Lin (@panicaII) of Trend Micro\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A remote attacker may be able to cause unexpected system\ntermination or corrupt kernel memory\nDescription: A buffer overflow was addressed with improved size\nvalidation. 
\nCVE-2019-8527: Ned Williamson of Google and derrek (@derrekr6)\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2019-8508: Dr. Silvio Cesare of InfoSect\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2019-8514: Samuel Gro\u00df of Google Project Zero\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2019-8540: Weibo Wang (@ma1fan) of Qihoo 360 Nirvan Team\n\nKernel\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to read kernel memory\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2019-7293: Ned Williamson of Google\n\nKernel\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to determine kernel\nmemory layout\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. This was addressed with improved input\nvalidation. \nCVE-2019-6207: Weibo Wang of Qihoo 360 Nirvan Team (@ma1fan)\nCVE-2019-8510: Stefan Esser of Antid0te UG\n\nMessages\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view sensitive user information\nDescription: An access issue was addressed with additional sandbox\nrestrictions. 
\nCVE-2019-8546: ChiYuan Chang\n\nNotes\nAvailable for: macOS Mojave 10.14.3\nImpact: A local user may be able to view a user\u0027s locked notes\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2019-8537: Greg Walker (gregwalker.us)\n\nPackageKit\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to elevate privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2019-8561: Jaron Bradley of Crowdstrike\n\nPerl\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: Multiple issues in Perl\nDescription: Multiple issues in Perl were addressed in this update. \nCVE-2018-12015: Jakub Wilk\nCVE-2018-18311: Jayakrishna Menon\nCVE-2018-18313: Eiichi Tsukata\n\nPower Management\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to execute arbitrary code\nwith system privileges\nDescription: Multiple input validation issues existed in MIG\ngenerated code. These issues were addressed with improved validation. \nCVE-2019-8549: Mohamed Ghannam (@_simo36) of SSD Secure Disclosure\n(ssd-disclosure.com)\n\nQuartzCore\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing malicious data may lead to unexpected application\ntermination\nDescription: Multiple memory corruption issues were addressed with\nimproved input validation. \nCVE-2019-8507: Kai Lu or Fortinet\u0027s FortiGuard Labs\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: An application may be able to gain elevated privileges\nDescription: A use after free issue was addressed with improved\nmemory management. 
\nCVE-2019-8526: Linus Henze (pinauten.de)\n\nSecurity\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A malicious application may be able to read restricted memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8520: Antonio Groza, The UK\u0027s National Cyber Security Centre\n(NCSC)\n\nSiri\nAvailable for: macOS Mojave 10.14.3\nImpact: A malicious application may be able to initiate a Dictation\nrequest without user authorization\nDescription: An API issue existed in the handling of dictation\nrequests. This issue was addressed with improved validation. \nCVE-2019-8502: Luke Deshotels of North Carolina State University,\nJordan Beichler of North Carolina State University, William Enck of\nNorth Carolina State University, Costin Caraba\u0219 of University\nPOLITEHNICA of Bucharest, and R\u0103zvan Deaconescu of University\nPOLITEHNICA of Bucharest\n\nTime Machine\nAvailable for: macOS Sierra 10.12.6, macOS High Sierra 10.13.6, macOS\nMojave 10.14.3\nImpact: A local user may be able to execute arbitrary shell commands\nDescription: This issue was addressed with improved checks. \nCVE-2019-8513: CodeColorist of Ant-Financial LightYear Labs\n\nTrueTypeScaler\nAvailable for: macOS Mojave 10.14.3\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2019-8517: riusksk of VulWar Corp working with Trend Micro Zero\nDay Initiative\n\nXPC\nAvailable for: macOS Sierra 10.12.6, macOS Mojave 10.14.3\nImpact: A malicious application may be able to overwrite arbitrary\nfiles\nDescription: This issue was addressed with improved checks. 
\nCVE-2019-8530: CodeColorist of Ant-Financial LightYear Labs\n\nAdditional recognition\n\nAccounts\nWe would like to acknowledge Milan Stute of Secure Mobile Networking\nLab at Technische Universit\u00e4t Darmstadt for their assistance. \n\nBooks\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) for\ntheir assistance. \n\nKernel\nWe would like to acknowledge Brandon Azad of Google Project Zero for\ntheir assistance. \n\nMail\nWe would like to acknowledge Craig Young of Tripwire VERT and Hanno\nB\u00f6ck for their assistance. \n\nTime Machine\nWe would like to acknowledge CodeColorist of Ant-Financial LightYear\nLabs for their assistance. \n\nInstallation note:\n\nmacOS Mojave 10.14.4, Security Update 2019-002 High Sierra,\nSecurity Update 2019-002 Sierra may be obtained from the\nMac App Store or Apple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP 
SIGNATURE-----\n\niQJdBAEBCABHFiEEDNXJVNCJJEAVmJdZeC9tht7TK3EFAlyZWQgpHHByb2R1Y3Qt\nc2VjdXJpdHktbm9yZXBseUBsaXN0cy5hcHBsZS5jb20ACgkQeC9tht7TK3E4zA/9\nFvnChJHCmmH34DmCi+LGXO/fatCVVvvSHDWm1+bPjl8CeYcF+zZYACkQKxFoNpDT\nvyiBJnNveCQEHeBvqSyRF8dfsTf4fr0MrFS1uIQVRPf2St6fZ27vDnC6fg269r0D\nEqnz0raFUa3bLUirteRMJwAqdGaVKwsNzM13qP4QEdrB14XkwZA0yQBunltFYU33\niAesKeejDLdhwkjfhmmjTlVPZmnABx2ZCfj2v7TiPxTOjfYbXcN8sY2LDHEOWNaM\nucrGBMfGH/ehStXAsIArwcLGOl6SI+6JywWVcm9lG6jUHSeSk9BPF6R4JzGrEHZB\nsSo87+U8b63KA2GkYecwh6xvE5EchQku/fj0d2zbOlg+T2bMbyc6Al2nefsYnX5p\n7BuhdZxqq3m3Gme2qRY0eye6wch1BTHhK+zctrVH2XeMaUpeanopVRI8AD+hZJ1J\n+9oQX8kSa7hzJYPmohA4Wi/Rp9FpKpgXYNBn1A9DgSAvf+eyfWJX0aZXmQZfn/k7\nOLz3EmSKvXv0i67L9g2XYeX7GFBMqf4xWeztKLUYFafu73t1mTxZJICcYeTxebS0\nzBJdkOHwP9GxsSonblDgPScQPdW85l0fangn7qqiexCVp4JsCGBc0Wuy1lc+MyzS\n1YmrDRhRl4aYOf4UGgtKI6ncvM77Y30ECPV3A6vl+wk=\n=QV0f\n-----END PGP SIGNATURE-----\n. ==========================================================================\nUbuntu Security Notice USN-3834-1\nDecember 03, 2018\n\nperl vulnerabilities\n==========================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 18.10\n- Ubuntu 18.04 LTS\n- Ubuntu 16.04 LTS\n- Ubuntu 14.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nJayakrishna Menon discovered that Perl incorrectly handled Perl_my_setenv. (CVE-2018-18311)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. This\nissue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. \n(CVE-2018-18312)\n\nEiichi Tsukata discovered that Perl incorrectly handled certain regular\nexpressions. An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. (CVE-2018-18313)\n\nJakub Wilk discovered that Perl incorrectly handled certain regular\nexpressions. 
An attacker could use this issue to cause Perl to crash,\nresulting in a denial of service. This issue only affected Ubuntu 16.04\nLTS, Ubuntu 18.04 LTS, and Ubuntu 18.10. (CVE-2018-18314)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 18.10:\n perl 5.26.2-7ubuntu0.1\n\nUbuntu 18.04 LTS:\n perl 5.26.1-6ubuntu0.3\n\nUbuntu 16.04 LTS:\n perl 5.22.1-9ubuntu0.6\n\nUbuntu 14.04 LTS:\n perl 5.18.2-2ubuntu1.7\n\nIn general, a standard system update will make all the necessary changes. This update provides\nthe corresponding update for Ubuntu 12.04 ESM", "sources": [ { "db": "NVD", "id": "CVE-2018-18313" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "BID", "id": "106072" }, { "db": "VULHUB", "id": "VHN-128860" }, { "db": "VULMON", "id": "CVE-2018-18313" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "154385" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "PACKETSTORM", "id": "150565" } ], "trust": 2.61 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2018-18313", "trust": 3.5 }, { "db": "SECTRACK", "id": "1042181", "trust": 1.8 }, { "db": "JVNDB", "id": "JVNDB-2018-012766", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201811-926", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "154385", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "152222", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2019.0990", "trust": 0.6 }, { "db": "BID", "id": "106072", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-128860", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2018-18313", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "151001", "trust": 0.1 }, { "db": "PACKETSTORM", "id": 
"151000", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150564", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "150565", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128860" }, { "db": "VULMON", "id": "CVE-2018-18313" }, { "db": "BID", "id": "106072" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "154385" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "PACKETSTORM", "id": "150565" }, { "db": "CNNVD", "id": "CNNVD-201811-926" }, { "db": "NVD", "id": "CVE-2018-18313" } ] }, "id": "VAR-201812-0273", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-128860" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:09:48.925000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "DSA-4347", "trust": 0.8, "url": "https://www.debian.org/security/2018/dsa-4347" }, { "title": "regcomp.c: Convert some strchr to memchr", "trust": 0.8, "url": "https://github.com/perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" }, { "title": "USN-3834-1", "trust": 0.8, "url": "https://usn.ubuntu.com/3834-1/" }, { "title": "USN-3834-2", "trust": 0.8, "url": "https://usn.ubuntu.com/3834-2/" }, { "title": "Perl Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=87327" }, { "title": "Red Hat: Important: rh-perl526-perl security and enhancement update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190001 - security advisory" }, { "title": "Red Hat: 
Important: rh-perl524-perl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20190010 - security advisory" }, { "title": "Ubuntu Security Notice: perl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3834-2" }, { "title": "Red Hat: CVE-2018-18313", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=cve-2018-18313" }, { "title": "Ubuntu Security Notice: perl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=usn-3834-1" }, { "title": "Debian Security Advisories: DSA-4347-1 perl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=9d703224274c60e23b97462e56895757" }, { "title": "IBM: IBM Security Bulletin: IBM MQ Cloud Paks are vulnerable to multiple vulnerabilities in Perl (CVE-2018-18312 CVE-2018-18313 CVE-2018-18314 CVE-2018-18311)", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=48c2d25ee84d3c5c67f054df5e25d685" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - April 2019", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=4ee609eeae78bbbd0d0c827f33a7f87f" }, { "title": "IBM: IBM Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal\u2019s dependencies \u2013 Cumulative list from June 28, 2018 to December 13, 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=43da2cd72c1e378d8d94ecec029fcc61" }, { "title": "", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perltoc " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " } ], "sources": [ { "db": "VULMON", "id": "CVE-2018-18313" }, { "db": 
"JVNDB", "id": "JVNDB-2018-012766" }, { "db": "CNNVD", "id": "CNNVD-201811-926" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-125", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-128860" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "NVD", "id": "CVE-2018-18313" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.9, "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1646738" }, { "trust": 2.1, "url": "https://github.com/perl/perl5/commit/43b2f4ef399e2fd7240b4eeb0658686ad95f8e62" }, { "trust": 2.0, "url": "https://access.redhat.com/errata/rhsa-2019:0001" }, { "trust": 1.9, "url": "https://security.gentoo.org/glsa/201909-01" }, { "trust": 1.9, "url": "https://access.redhat.com/errata/rhsa-2019:0010" }, { "trust": 1.9, "url": "https://usn.ubuntu.com/3834-2/" }, { "trust": 1.8, "url": "https://seclists.org/bugtraq/2019/mar/42" }, { "trust": 1.8, "url": "https://metacpan.org/changes/release/shay/perl-5.26.3" }, { "trust": 1.8, "url": "https://rt.perl.org/ticket/display.html?id=133192" }, { "trust": 1.8, "url": "https://security.netapp.com/advisory/ntap-20190221-0003/" }, { "trust": 1.8, "url": "https://support.apple.com/kb/ht209600" }, { "trust": 1.8, "url": "https://www.debian.org/security/2018/dsa-4347" }, { "trust": 1.8, "url": "http://seclists.org/fulldisclosure/2019/mar/49" }, { "trust": 1.8, "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "trust": 1.8, "url": "http://www.securitytracker.com/id/1042181" }, { "trust": 1.8, "url": "https://usn.ubuntu.com/3834-1/" }, { "trust": 1.4, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2018-18313" }, { "trust": 1.1, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/" }, { "trust": 0.8, "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-18313" }, { "trust": 0.7, "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/rwqgeb543qn7ssbrkyjm6psoc3rlygsm/" }, { "trust": 0.6, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18311" }, { "trust": 0.6, "url": "https://support.apple.com/en-au/ht209600" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/77806" }, { "trust": 0.6, "url": "https://support.apple.com/en-us/ht209600" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/152222/apple-security-advisory-2019-3-25-2.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/154385/gentoo-linux-security-advisory-201909-01.html" }, { "trust": 0.5, "url": "https://access.redhat.com/security/cve/cve-2018-18313" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18312" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-18314" }, { "trust": 0.3, "url": "www.perl.org" }, { "trust": 0.2, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-18311" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-18312" }, { "trust": 0.2, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.2, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.2, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2018-18314" }, { "trust": 0.2, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.2, "url": 
"https://usn.ubuntu.com/usn/usn-3834-1" }, { "trust": 0.1, "url": "https://cwe.mitre.org/data/definitions/125.html" }, { "trust": 0.1, "url": "https://tools.cisco.com/security/center/viewalert.x?alertid=59234" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6913" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6797" }, { "trust": 0.1, "url": "https://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-6798" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8514" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8511" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8519" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8502" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8516" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6239" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8522" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6237" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8540" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8526" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8527" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2018-12015" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8533" }, { "trust": 0.1, "url": "https://support.apple.com/downloads/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8520" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8517" }, { "trust": 0.1, "url": 
"https://nvd.nist.gov/vuln/detail/cve-2019-8521" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-6207" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8504" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-7293" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8510" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8508" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8530" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8513" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8529" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8537" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-8507" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.1-6ubuntu0.3" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.22.1-9ubuntu0.6" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.7" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/perl/5.26.2-7ubuntu0.1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/usn/usn-3834-2" } ], "sources": [ { "db": "VULHUB", "id": "VHN-128860" }, { "db": "VULMON", "id": "CVE-2018-18313" }, { "db": "BID", "id": "106072" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "154385" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "PACKETSTORM", "id": "150565" }, { "db": "CNNVD", "id": "CNNVD-201811-926" }, { "db": "NVD", "id": "CVE-2018-18313" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-128860" }, { "db": "VULMON", "id": 
"CVE-2018-18313" }, { "db": "BID", "id": "106072" }, { "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "db": "PACKETSTORM", "id": "151001" }, { "db": "PACKETSTORM", "id": "151000" }, { "db": "PACKETSTORM", "id": "154385" }, { "db": "PACKETSTORM", "id": "152222" }, { "db": "PACKETSTORM", "id": "150564" }, { "db": "PACKETSTORM", "id": "150565" }, { "db": "CNNVD", "id": "CNNVD-201811-926" }, { "db": "NVD", "id": "CVE-2018-18313" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-12-07T00:00:00", "db": "VULHUB", "id": "VHN-128860" }, { "date": "2018-12-07T00:00:00", "db": "VULMON", "id": "CVE-2018-18313" }, { "date": "2018-11-05T00:00:00", "db": "BID", "id": "106072" }, { "date": "2019-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "date": "2019-01-03T02:57:52", "db": "PACKETSTORM", "id": "151001" }, { "date": "2019-01-03T02:57:21", "db": "PACKETSTORM", "id": "151000" }, { "date": "2019-09-06T22:21:33", "db": "PACKETSTORM", "id": "154385" }, { "date": "2019-03-26T14:40:53", "db": "PACKETSTORM", "id": "152222" }, { "date": "2018-12-03T21:10:16", "db": "PACKETSTORM", "id": "150564" }, { "date": "2018-12-03T21:10:24", "db": "PACKETSTORM", "id": "150565" }, { "date": "2018-11-30T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-926" }, { "date": "2018-12-07T21:29:00.717000", "db": "NVD", "id": "CVE-2018-18313" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-07-15T00:00:00", "db": "VULHUB", "id": "VHN-128860" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2018-18313" }, { "date": "2018-11-05T00:00:00", "db": "BID", "id": "106072" }, { "date": "2019-02-07T00:00:00", "db": "JVNDB", "id": "JVNDB-2018-012766" }, { "date": "2021-10-29T00:00:00", "db": "CNNVD", "id": "CNNVD-201811-926" }, { "date": 
"2023-11-07T02:55:02.317000", "db": "NVD", "id": "CVE-2018-18313" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-926" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Vulnerable to out-of-bounds reading", "sources": [ { "db": "JVNDB", "id": "JVNDB-2018-012766" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201811-926" } ], "trust": 0.6 } }
var-202006-1838
Vulnerability from variot
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section. Description:
Red Hat Advanced Cluster Management for Kubernetes 2.2.4 images
Red Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console—with security policy built in. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:
https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/
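Security fixes:
- redisgraph-tls: redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms (CVE-2021-21309)
- console-header-container: nodejs-netmask: improper input validation of octal input data (CVE-2021-28092)
- console-container: nodejs-is-svg: ReDoS via malicious string (CVE-2021-28918)

Note: the "Bugs fixed" list further down in this advisory pairs CVE-2021-28092 with nodejs-is-svg and CVE-2021-28918 with nodejs-netmask, so the two CVE identifiers in the list above appear to be transposed. Match on the package name as well as the CVE identifier when checking whether a deployment is affected.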
Bug fixes:
- RHACM 2.2.4 images (BZ# 1957254)
- Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7 (BZ#1950832)
- ACM Operator should support using the default route TLS (BZ# 1955270)
- The scrolling bar for search filter does not work properly (BZ# 1956852)
- Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)
- The proxy setup in install-config.yaml is not worked when IPI installing with RHACM (BZ# 1960181)
- Unable to make SSH connection to a Bitbucket server (BZ# 1966513)
- Observability Thanos store shard crashing - cannot unmarshall DNS message (BZ# 1967890)
Solution:
Before applying this update, make sure all previously released errata relevant to your system have been applied.

Bugs fixed (https://bugzilla.redhat.com/):
1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms
1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string
1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data
1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7
1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory
1954506 - [DDF] Table does not contain data about 20 clusters. Now it's difficult to estimate CPU usage with larger clusters
1954535 - Reinstall Submariner - No endpoints found on one cluster
1955270 - ACM Operator should support using the default route TLS
1956852 - The scrolling bar for search filter does not work properly
1957254 - RHACM 2.2.4 images
1959426 - Limits on Length of MultiClusterObservability Resource Name
1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM.
1963128 - [DDF] Please rename this to "Amazon Elastic Kubernetes Service"
1966513 - Unable to make SSH connection to a Bitbucket server
1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error.
1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message
- Description:
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
This advisory contains the container images for Red Hat OpenShift Container Platform 4.7.13. See the following advisory for the RPM packages for this release:
https://access.redhat.com/errata/RHSA-2021:2122
Space precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
This update fixes the following bug among others:
- Previously, resources for the ClusterOperator were being created early in the update process, which led to update failures when the ClusterOperator had no status condition while Operators were updating. This bug fix changes the timing of when these resources are created. As a result, updates can take place without errors. (BZ#1959238)
Security Fix(es):
- gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
You may download the oc tool and use it to inspect release image metadata as follows:
(For x86_64 architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-x86_64
The image digest is sha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4
(For s390x architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-s390x
The image digest is sha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd
(For ppc64le architecture)
$ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le
The image digest is sha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36
All OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-between-minor.html#understanding-upgrade-channels_updating-cluster-between-minor
- Solution:
For OpenShift Container Platform 4.7 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this asynchronous errata update:
https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html
Details on how to access this content are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html
- Bugs fixed (https://bugzilla.redhat.com/):
1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation
1923268 - [Assisted-4.7] [Staging] Using two both spelling "canceled" "cancelled"
1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go
1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list
1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits
1959238 - CVO creating cloud-controller-manager too early causing upgrade failures
1960103 - SR-IOV obliviously reboot the node
1961941 - Local Storage Operator using LocalVolume CR fails to create PV's when backend storage failure is simulated
1962302 - packageserver clusteroperator does not set reason or message for Available condition
1962312 - Deployment considered unhealthy despite being available and at latest generation
1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone
1963115 - Test verify /run filesystem contents failing
- ========================================================================= Ubuntu Security Notice USN-4602-2 October 27, 2020
perl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
Several security issues were fixed in Perl.
Software Description: - perl: Practical Extraction and Report Language
Details:
USN-4602-1 fixed several vulnerabilities in Perl. This update provides the corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM.
Original advisory details:
ManhND discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10543)
Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-10878)
Sergey Aleynikov discovered that Perl incorrectly handled certain regular expressions. In environments where untrusted regular expressions are evaluated, a remote attacker could possibly use this issue to cause Perl to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2020-12723)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 14.04 ESM: perl 5.18.2-2ubuntu1.7+esm3
Ubuntu 12.04 ESM: perl 5.14.2-6ubuntu2.11
In general, a standard system update will make all the necessary changes. Description:
Security Fix(es):
- Addressed a security issue which can allow a malicious playbook author to elevate to the awx user from outside the isolated environment: CVE-2021-20253
- Upgraded to a more recent version of Django to address CVE-2021-3281.
- Upgraded to a more recent version of autobahn to address CVE-2020-35678.
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- Upgraded to the latest oVirt inventory plugin to resolve a number of inventory syncing issues that can occur on RHEL7.
- Upgraded to the latest theforeman.foreman inventory plugin to resolve a few bugs and performance regressions.
- Fixed several issues related to how Tower rotates its log files.
- Fixed a bug which can prevent Tower from installing on RHEL8 with certain non-en_US.UTF-8 locales.
- Fixed a bug which can cause unanticipated delays in certain playbook output.
- Fixed a bug which can cause job runs to fail for playbooks that print certain types of raw binary data.
- Fixed a bug which can cause unnecessary records in the Activity Stream when Automation Analytics data is collected.
- Fixed a bug which can cause Tower PostgreSQL backups to fail when a non-default PostgreSQL username is specified.
- Fixed a bug which can intermittently cause access to encrypted Tower settings to fail, resulting in failed job launches.
- Fixed a bug which can cause certain long-running jobs running on isolated nodes to unexpectedly fail. Solution:
For information on upgrading Ansible Tower, reference the Ansible Tower Upgrade and Migration Guide: https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/index.html
- Bugs fixed (https://bugzilla.redhat.com/):
1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection
1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()
1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape
-
7.4) - noarch, x86_64
-
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: perl security update
Advisory ID: RHSA-2021:0343-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0343
Issue date: 2021-02-02
CVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723
====================================================================
1. Summary:
An update for perl is now available for Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
- Relevant releases/architectures:
Red Hat Enterprise Linux Client (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64
- Description:
Perl is a high-level programming language that is commonly used for system administration utilities and web programming.
Security Fix(es):
- perl: heap-based buffer overflow in regular expression compiler leads to DoS (CVE-2020-10543)
- perl: corruption of intermediate language state of compiled regular expression due to integer overflow leads to DoS (CVE-2020-10878)
- perl: corruption of intermediate language state of compiled regular expression due to recursive S_study_chunk() calls leads to DoS (CVE-2020-12723)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
- Solution:
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
- Package List:
Red Hat Enterprise Linux Client (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Client Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
ppc64: perl-5.16.3-299.el7_9.ppc64.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm perl-core-5.16.3-299.el7_9.ppc64.rpm perl-debuginfo-5.16.3-299.el7_9.ppc.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-devel-5.16.3-299.el7_9.ppc.rpm perl-devel-5.16.3-299.el7_9.ppc64.rpm perl-libs-5.16.3-299.el7_9.ppc.rpm perl-libs-5.16.3-299.el7_9.ppc64.rpm perl-macros-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-5.16.3-299.el7_9.ppc64le.rpm perl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm perl-core-5.16.3-299.el7_9.ppc64le.rpm perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-devel-5.16.3-299.el7_9.ppc64le.rpm perl-libs-5.16.3-299.el7_9.ppc64le.rpm perl-macros-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-5.16.3-299.el7_9.s390x.rpm perl-Time-Piece-1.20.1-299.el7_9.s390x.rpm perl-core-5.16.3-299.el7_9.s390x.rpm perl-debuginfo-5.16.3-299.el7_9.s390.rpm perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-devel-5.16.3-299.el7_9.s390.rpm perl-devel-5.16.3-299.el7_9.s390x.rpm perl-libs-5.16.3-299.el7_9.s390.rpm perl-libs-5.16.3-299.el7_9.s390x.rpm perl-macros-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Server Optional (v. 7):
ppc64: perl-debuginfo-5.16.3-299.el7_9.ppc64.rpm perl-tests-5.16.3-299.el7_9.ppc64.rpm
ppc64le: perl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm perl-tests-5.16.3-299.el7_9.ppc64le.rpm
s390x: perl-debuginfo-5.16.3-299.el7_9.s390x.rpm perl-tests-5.16.3-299.el7_9.s390x.rpm
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation (v. 7):
Source: perl-5.16.3-299.el7_9.src.rpm
noarch: perl-CPAN-1.9800-299.el7_9.noarch.rpm perl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm perl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm perl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm perl-IO-Zlib-1.10-299.el7_9.noarch.rpm perl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm perl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm perl-Module-Loaded-0.08-299.el7_9.noarch.rpm perl-Object-Accessor-0.42-299.el7_9.noarch.rpm perl-Package-Constants-0.02-299.el7_9.noarch.rpm perl-Pod-Escapes-1.04-299.el7_9.noarch.rpm
x86_64: perl-5.16.3-299.el7_9.x86_64.rpm perl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm perl-core-5.16.3-299.el7_9.x86_64.rpm perl-debuginfo-5.16.3-299.el7_9.i686.rpm perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-devel-5.16.3-299.el7_9.i686.rpm perl-devel-5.16.3-299.el7_9.x86_64.rpm perl-libs-5.16.3-299.el7_9.i686.rpm perl-libs-5.16.3-299.el7_9.x86_64.rpm perl-macros-5.16.3-299.el7_9.x86_64.rpm
Red Hat Enterprise Linux Workstation Optional (v. 7):
x86_64: perl-debuginfo-5.16.3-299.el7_9.x86_64.rpm perl-tests-5.16.3-299.el7_9.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/
- References:
https://access.redhat.com/security/cve/CVE-2020-10543
https://access.redhat.com/security/cve/CVE-2020-10878
https://access.redhat.com/security/cve/CVE-2020-12723
https://access.redhat.com/security/updates/classification/#moderate
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k 54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2 qwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm Awac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp 42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K RerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm AKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S aoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf /LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ Ip3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73 N83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S HB63T1smQXA=Oj1P -----END PGP SIGNATURE-----
-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202006-1838", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.2.0" }, { "model": "configuration manager", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.1.2.0.8" }, { "model": 
"communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.0.0" }, { "model": "communications eagle application processor", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "16.1.0" }, { "model": "leap", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "15.1" }, { "model": "communications diameter signaling router", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "8.0.0" }, { "model": "perl", "scope": "lt", "trust": 1.0, "vendor": "perl", "version": "5.30.3" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "10.3.0.2.1" }, { "model": "tekelec platform distribution", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "7.7.1" }, { "model": "communications performance intelligence center", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "10.4.0.1.0" }, { "model": "tekelec platform distribution", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "7.4.0" }, { "model": "communications lsms", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "13.4" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.7" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.1" }, { "model": "communications eagle application processor", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "16.4.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.1" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.8" }, { "model": "fedora", "scope": "eq", "trust": 1.0, "vendor": "fedoraproject", "version": "31" }, { "model": "communications performance intelligence center", "scope": "lte", "trust": 1.0, "vendor": 
"oracle", "version": "10.4.0.3.1" }, { "model": "communications lsms", "scope": "gte", "trust": 1.0, "vendor": "oracle", "version": "13.1" }, { "model": "communications billing and revenue management", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "10.2" }, { "model": "communications pricing design center", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications offline mediation controller", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "12.0.0.3.0" }, { "model": "communications diameter signaling router", "scope": "lte", "trust": 1.0, "vendor": "oracle", "version": "8.5.0" }, { "model": "communications eagle lnp application processor", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "46.9" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "9.0" }, { "model": "enterprise manager base platform", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "13.4.0.0" }, { "model": "sd-wan edge", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "8.2" } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10543" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*", "cpe_name": [], "versionEndExcluding": "5.30.3", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "8.5.0", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.7.1", "versionStartIncluding": "7.4.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": 
"cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "13.4", "versionStartIncluding": "13.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "16.4.0", "versionStartIncluding": "16.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.4.0.3.1", "versionStartIncluding": "10.4.0.1.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.3.0.2.1", "versionStartIncluding": "10.3.0.0.0", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2020-10543" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Red Hat", "sources": [ { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 1.2 }, "cve": "CVE-2020-10543", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", 
"@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "VHN-163032", "impactScore": 4.9, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:N/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULMON", "availabilityImpact": "PARTIAL", "baseScore": 6.4, "confidentialityImpact": "NONE", "exploitabilityScore": 10.0, "id": "CVE-2020-10543", "impactScore": 4.9, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "MEDIUM", "trust": 0.1, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", 
"availabilityImpact": "HIGH", "baseScore": 8.2, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "exploitabilityScore": 3.9, "impactScore": 4.2, "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H", "version": "3.1" } ], "severity": [ { "author": "NVD", "id": "CVE-2020-10543", "trust": 1.0, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-202006-145", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-163032", "trust": 0.1, "value": "MEDIUM" }, { "author": "VULMON", "id": "CVE-2020-10543", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. An attacker could exploit this vulnerability to cause a denial of service. 8) - aarch64, noarch, ppc64le, s390x, x86_64\n\n3. \n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat\nEnterprise Linux 8.4 Release Notes linked from the References section. Description:\n\nRed Hat Advanced Cluster Management for Kubernetes 2.2.4 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability\nengineers face as they work across a range of public and private cloud\nenvironments. \nClusters and applications are all visible and managed from a single\nconsole\u2014with security policy built in. 
See\nthe following Release Notes documentation, which will be updated shortly\nfor\nthis release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana\ngement_for_kubernetes/2.2/html/release_notes/\n\nSecurity fixes:\n\n* redisgraph-tls: redis: integer overflow when configurable limit for\nmaximum supported bulk input size is too big on 32-bit platforms\n(CVE-2021-21309)\n\n* console-header-container: nodejs-netmask: improper input validation of\noctal input data (CVE-2021-28092)\n\n* console-container: nodejs-is-svg: ReDoS via malicious string\n(CVE-2021-28918)\n\nBug fixes: \n\n* RHACM 2.2.4 images (BZ# 1957254)\n\n* Enabling observability for OpenShift Container Storage with RHACM 2.2 on\nOCP 4.7 (BZ#1950832)\n\n* ACM Operator should support using the default route TLS (BZ# 1955270)\n\n* The scrolling bar for search filter does not work properly (BZ# 1956852)\n\n* Limits on Length of MultiClusterObservability Resource Name (BZ# 1959426)\n\n* The proxy setup in install-config.yaml is not worked when IPI installing\nwith RHACM (BZ# 1960181)\n\n* Unable to make SSH connection to a Bitbucket server (BZ# 1966513)\n\n* Observability Thanos store shard crashing - cannot unmarshall DNS message\n(BZ# 1967890)\n\n3. Solution:\n\nBefore applying this update, make sure all previously released errata\nrelevant to your system have been applied. 
Bugs fixed (https://bugzilla.redhat.com/):\n\n1932634 - CVE-2021-21309 redis: integer overflow when configurable limit for maximum supported bulk input size is too big on 32-bit platforms\n1939103 - CVE-2021-28092 nodejs-is-svg: ReDoS via malicious string\n1944827 - CVE-2021-28918 nodejs-netmask: improper input validation of octal input data\n1950832 - Enabling observability for OpenShift Container Storage with RHACM 2.2 on OCP 4.7\n1952150 - [DDF] It would be great to see all the options available for the bucket configuration and which attributes are mandatory\n1954506 - [DDF] Table does not contain data about 20 clusters. Now it\u0027s difficult to estimate CPU usage with larger clusters\n1954535 - Reinstall Submariner - No endpoints found on one cluster\n1955270 - ACM Operator should support using the default route TLS\n1956852 - The scrolling bar for search filter does not work properly\n1957254 - RHACM 2.2.4 images\n1959426 - Limits on Length of MultiClusterObservability Resource Name\n1960181 - The proxy setup in install-config.yaml is not worked when IPI installing with RHACM. \n1963128 - [DDF] Please rename this to \"Amazon Elastic Kubernetes Service\"\n1966513 - Unable to make SSH connection to a Bitbucket server\n1967357 - [DDF] When I clicked on this yaml, I get a HTTP 404 error. \n1967890 - Observability Thanos store shard crashing - cannot unmarshal DNS message\n\n5. Description:\n\nRed Hat OpenShift Container Platform is Red Hat\u0027s cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments. \n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.7.13. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2021:2122\n\nSpace precludes documenting all of the container images in this advisory. 
\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nThis update fixes the following bug among others:\n\n* Previously, resources for the ClusterOperator were being created early in\nthe update process, which led to update failures when the ClusterOperator\nhad no status condition while Operators were updating. This bug fix changes\nthe timing of when these resources are created. As a result, updates can\ntake place without errors. (BZ#1959238)\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-x86_64\n\nThe image digest is\nsha256:783a2c963f35ccab38e82e6a8c7fa954c3a4551e07d2f43c06098828dd986ed4\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-s390x\n\nThe image digest is\nsha256:4cf44e68413acad063203e1ee8982fd01d8b9c1f8643a5b31cd7ff341b3199cd\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.7.13-ppc64le\n\nThe image digest is\nsha256:d47ce972f87f14f1f3c5d50428d2255d1256dae3f45c938ace88547478643e36\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -between-minor.html#understanding-upgrade-channels_updating-cluster-between\n- -minor\n\n3. 
Solution:\n\nFor OpenShift Container Platform 4.7 see the following documentation, which\nwill be updated shortly for this release, for important instructions on how\nto upgrade your cluster and fully apply this asynchronous errata update:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel\nease-notes.html\n\nDetails on how to access this content are available at\nhttps://docs.openshift.com/container-platform/4.7/updating/updating-cluster\n- -cli.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923268 - [Assisted-4.7] [Staging] Using two both spelling \"canceled\" \"cancelled\"\n1947216 - [AWS] Missing iam:ListAttachedRolePolicies permission in permissions.go\n1953963 - Enable/Disable host operations returns cluster resource with incomplete hosts list\n1957749 - ovn-kubernetes pod should have CPU and memory requests set but not limits\n1959238 - CVO creating cloud-controller-manager too early causing upgrade failures\n1960103 - SR-IOV obliviously reboot the node\n1961941 - Local Storage Operator using LocalVolume CR fails to create PV\u0027s when backend storage failure is simulated\n1962302 - packageserver clusteroperator does not set reason or message for Available condition\n1962312 - Deployment considered unhealthy despite being available and at latest generation\n1962435 - Public DNS records were not deleted when destroying a cluster which is using byo private hosted zone\n1963115 - Test verify /run filesystem contents failing\n\n5. =========================================================================\nUbuntu Security Notice USN-4602-2\nOctober 27, 2020\n\nperl vulnerabilities\n=========================================================================\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 14.04 ESM\n- Ubuntu 12.04 ESM\n\nSummary:\n\nSeveral security issues were fixed in Perl. 
\n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nUSN-4602-1 fixed several vulnerabilities in Perl. This update provides\nthe corresponding update for Ubuntu 12.04 ESM and Ubuntu 14.04 ESM. \n\n\nOriginal advisory details:\n\n ManhND discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-10543)\n\n Hugo van der Sanden and Slaven Rezic discovered that Perl incorrectly\n handled certain regular expressions. In environments where untrusted\n regular expressions are evaluated, a remote attacker could possibly use\n this issue to cause Perl to crash, resulting in a denial of service, or\n possibly execute arbitrary code. (CVE-2020-10878)\n\n Sergey Aleynikov discovered that Perl incorrectly handled certain regular\n expressions. In environments where untrusted regular expressions are\n evaluated, a remote attacker could possibly use this issue to cause Perl to\n crash, resulting in a denial of service, or possibly execute arbitrary\n code. (CVE-2020-12723)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 14.04 ESM:\n perl 5.18.2-2ubuntu1.7+esm3\n\nUbuntu 12.04 ESM:\n perl 5.14.2-6ubuntu2.11\n\nIn general, a standard system update will make all the necessary changes. Description:\n\nSecurity Fix(es):\n\n* Addressed a security issue which can allow a malicious playbook author to\nelevate to the awx user from outside the isolated environment:\nCVE-2021-20253\n* Upgraded to a more recent version of Django to address CVE-2021-3281. \n* Upgraded to a more recent version of autobahn to address CVE-2020-35678. 
\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Upgraded to the latest oVirt inventory plugin to resolve a number of\ninventory syncing issues that can occur on RHEL7. \n* Upgraded to the latest theforeman.foreman inventory plugin to resolve a\nfew bugs and performance regressions. \n* Fixed several issues related to how Tower rotates its log files. \n* Fixed a bug which can prevent Tower from installing on RHEL8 with certain\nnon-en_US.UTF-8 locales. \n* Fixed a bug which can cause unanticipated delays in certain playbook\noutput. \n* Fixed a bug which can cause job runs to fail for playbooks that print\ncertain types of raw binary data. \n* Fixed a bug which can cause unnecessary records in the Activity Stream\nwhen Automation Analytics data is collected. \n* Fixed a bug which can cause Tower PostgreSQL backups to fail when a\nnon-default PostgreSQL username is specified. \n* Fixed a bug which can intermittently cause access to encrypted Tower\nsettings to fail, resulting in failed job launches. \n* Fixed a bug which can cause certain long-running jobs running on isolated\nnodes to unexpectedly fail. Solution:\n\nFor information on upgrading Ansible Tower, reference the Ansible Tower\nUpgrade and Migration Guide:\nhttps://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/\nindex.html\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1911314 - CVE-2020-35678 python-autobahn: allows redirect header injection\n1919969 - CVE-2021-3281 django: Potential directory-traversal via archive.extract()\n1928847 - CVE-2021-20253 ansible-tower: Privilege escalation via job isolation escape\n\n5. 7.4) - noarch, x86_64\n\n3. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n==================================================================== \nRed Hat Security Advisory\n\nSynopsis: Moderate: perl security update\nAdvisory ID: RHSA-2021:0343-01\nProduct: Red Hat Enterprise Linux\nAdvisory URL: https://access.redhat.com/errata/RHSA-2021:0343\nIssue date: 2021-02-02\nCVE Names: CVE-2020-10543 CVE-2020-10878 CVE-2020-12723\n====================================================================\n1. Summary:\n\nAn update for perl is now available for Red Hat Enterprise Linux 7. \n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score, which\ngives a detailed severity rating, is available for each vulnerability from\nthe CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Client (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Client Optional (v. 7) - x86_64\nRed Hat Enterprise Linux ComputeNode (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64\nRed Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64\nRed Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64\nRed Hat Enterprise Linux Workstation Optional (v. 7) - x86_64\n\n3. Description:\n\nPerl is a high-level programming language that is commonly used for system\nadministration utilities and web programming. 
\n\nSecurity Fix(es):\n\n* perl: heap-based buffer overflow in regular expression compiler leads to\nDoS (CVE-2020-10543)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to integer overflow leads to DoS (CVE-2020-10878)\n\n* perl: corruption of intermediate language state of compiled regular\nexpression due to recursive S_study_chunk() calls leads to DoS\n(CVE-2020-12723)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258\n\n5. Package List:\n\nRed Hat Enterprise Linux Client (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Client Optional (v. 
7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux ComputeNode Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server (v. 
7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nppc64:\nperl-5.16.3-299.el7_9.ppc64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64.rpm\nperl-core-5.16.3-299.el7_9.ppc64.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-devel-5.16.3-299.el7_9.ppc.rpm\nperl-devel-5.16.3-299.el7_9.ppc64.rpm\nperl-libs-5.16.3-299.el7_9.ppc.rpm\nperl-libs-5.16.3-299.el7_9.ppc64.rpm\nperl-macros-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-5.16.3-299.el7_9.ppc64le.rpm\nperl-Time-Piece-1.20.1-299.el7_9.ppc64le.rpm\nperl-core-5.16.3-299.el7_9.ppc64le.rpm\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-devel-5.16.3-299.el7_9.ppc64le.rpm\nperl-libs-5.16.3-299.el7_9.ppc64le.rpm\nperl-macros-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-5.16.3-299.el7_9.s390x.rpm\nperl-Time-Piece-1.20.1-299.el7_9.s390x.rpm\nperl-core-5.16.3-299.el7_9.s390x.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390.rpm\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-devel-5.16.3-299.el7_9.s390.rpm\nperl-devel-5.16.3-299.el7_9.s390x.rpm\nperl-libs-5.16.3-299.el7_9.s390.rpm\nperl-libs-5.16.3-299.el7_9.s390x.rpm\nperl-macros-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7
_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Server Optional (v. 7):\n\nppc64:\nperl-debuginfo-5.16.3-299.el7_9.ppc64.rpm\nperl-tests-5.16.3-299.el7_9.ppc64.rpm\n\nppc64le:\nperl-debuginfo-5.16.3-299.el7_9.ppc64le.rpm\nperl-tests-5.16.3-299.el7_9.ppc64le.rpm\n\ns390x:\nperl-debuginfo-5.16.3-299.el7_9.s390x.rpm\nperl-tests-5.16.3-299.el7_9.s390x.rpm\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation (v. 7):\n\nSource:\nperl-5.16.3-299.el7_9.src.rpm\n\nnoarch:\nperl-CPAN-1.9800-299.el7_9.noarch.rpm\nperl-ExtUtils-CBuilder-0.28.2.6-299.el7_9.noarch.rpm\nperl-ExtUtils-Embed-1.30-299.el7_9.noarch.rpm\nperl-ExtUtils-Install-1.58-299.el7_9.noarch.rpm\nperl-IO-Zlib-1.10-299.el7_9.noarch.rpm\nperl-Locale-Maketext-Simple-0.21-299.el7_9.noarch.rpm\nperl-Module-CoreList-2.76.02-299.el7_9.noarch.rpm\nperl-Module-Loaded-0.08-299.el7_9.noarch.rpm\nperl-Object-Accessor-0.42-299.el7_9.noarch.rpm\nperl-Package-Constants-0.02-299.el7_9.noarch.rpm\nperl-Pod-Escapes-1.04-299.el7_9.noarch.rpm\n\nx86_64:\nperl-5.16.3-299.el7_9.x86_64.rpm\nperl-Time-Piece-1.20.1-299.el7_9.x86_64.rpm\nperl-core-5.16.3-299.el7_9.x86_64.rpm\nperl-debuginfo-5.16.3-299.el7_9.i686.rpm\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-devel-5.16.3-299.el7_9.i686.rpm\nperl-devel-5.16.3-299.el7_9.x86_64.rpm\nperl-libs-5.16.3-299.el7_9.i686.rpm\nperl-libs-5.16.3-299.el7_9.x86_64.rpm\nperl-macros-5.16.3-299.el7_9.x86_64.rpm\n\nRed Hat Enterprise Linux Workstation Optional (v. 7):\n\nx86_64:\nperl-debuginfo-5.16.3-299.el7_9.x86_64.rpm\nperl-tests-5.16.3-299.el7_9.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. 
References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-10543\nhttps://access.redhat.com/security/cve/CVE-2020-10878\nhttps://access.redhat.com/security/cve/CVE-2020-12723\nhttps://access.redhat.com/security/updates/classification/#moderate\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBlBRdzjgjWX9erEAQgfWQ/+Pzq//upZZVPBq5+myRLRJCef7277Y+9k\n54oh8wOTwtwEMs9ye5Y1FDmAxVd4fWX3JgAss1KE86Hhm5OoCX/FJ0/RGguMR1l2\nqwmWtfGuZjrn1SmjdHlf8B/bC0f20IadUUbY/8clpFiMxe5V1g8s9ZgbHv/MBWnm\nAwac/6LPc7Eb24OnIuTKLYEcQRxuBG1KdikM1NN1uJU5WHkbhZfKWFMnjKihsPGp\n42vnomd0P7RdXNc4FbuNlkm2iw04woJyz1AYPdScswWJqawQSbre6+3wpnHlWs4K\nRerhKZiJLJsC0XmSpma62I4kYbVlniYPcbrF4Zfo1j1vIIvjmOL26B/3JsUVtwfm\nAKVuAu8DbNIkdSo2CS2gauLWsykukprPx16X8n8Xlb9Kr9iL/r2/sI/jUGce+50S\naoe2Hb40VIX6sHPLiEmWP0ufuoDxJZ2mY9mhqAMGt/xCPrZ/Pst0y4hewJVo2AIf\n/LG758/KJWYBx2ILfBwA07O829irVDnbw5blT47fS3qiqAzXRTp56xkCCnLQ0BGQ\nIp3DFIwNVxznKYOgubXJBGl3xYHI+P/bu8tcCAYMaN4hAHdFrqJbPMNLLGf37L73\nN83csDc07k/WsKua5atl3suUuYRWxSq6CnV9KNU4aUaKEmu+de+D2k34vn2+le0S\nHB63T1smQXA=Oj1P\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n", "sources": [ { "db": "NVD", "id": "CVE-2020-10543" }, { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" } ], "trust": 1.71 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { 
"@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2020-10543", "trust": 2.5 }, { "db": "PACKETSTORM", "id": "159726", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162650", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162877", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161728", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "161255", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162245", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "163188", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "162021", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "158058", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "159707", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "162837", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161656", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "161843", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-202006-145", "trust": 0.7 }, { "db": "CS-HELP", "id": "SB2021042131", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021052031", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072136", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021092220", "trust": 0.6 }, { "db": "CS-HELP", "id": "SB2021072268", "trust": 0.6 }, { "db": "PACKETSTORM", "id": "163586", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1338", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0791", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2604", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2781", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0925", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1725", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0371", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1096", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2180", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.0845", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1820", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.1866", "trust": 0.6 }, { "db": "AUSCERT", "id": "ESB-2021.2469", "trust": 0.6 }, { "db": 
"PACKETSTORM", "id": "161727", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "161726", "trust": 0.1 }, { "db": "CNVD", "id": "CNVD-2020-37944", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-163032", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2020-10543", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "id": "VAR-202006-1838", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-163032" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:25:57.515000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "Perl Buffer error vulnerability fix", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=122040" }, { "title": "editorGambasDelta", "trust": 0.2, "url": "https://github.com/d5n9smatrix/editorgambasdelta " }, { "title": "Red Hat: Moderate: perl security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210343 - security advisory" }, { "title": "Debian CVElist Bug Report Logs: perl: regexp security issues: CVE-2020-10543, CVE-2020-10878, CVE-2020-12723", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=babe2a0596ddd17a5ad75cd3c30c45ff" 
}, { "title": "Amazon Linux 2: ALAS2-2021-1610", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=alas2-2021-1610" }, { "title": "Red Hat: Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=rhsa-20210607 - security advisory" }, { "title": "IBM: Security Bulletin: Cloud Pak for Security contains security vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog\u0026qid=08f19f0be4d5dcf7486e5abcdb671477" }, { "title": "Siemens Security Advisories: Siemens Security Advisory", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories\u0026qid=ec6577109e640dac19a6ddb978afe82d" }, { "title": "visualGambasDelta", "trust": 0.1, "url": "https://github.com/d5n9smatrix/visualgambasdelta " }, { "title": "perl5283delta", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perl5283delta " }, { "title": "CICD_CloudBuild_01", "trust": 0.1, "url": "https://github.com/pbavinck/cicd_cloudbuild_01 " }, { "title": "gcr-kritis-signer", "trust": 0.1, "url": "https://github.com/binxio/gcr-kritis-signer " }, { "title": "gcp-kritis-signer", "trust": 0.1, "url": "https://github.com/binxio/gcp-kritis-signer " }, { "title": "litecoin-automation", "trust": 0.1, "url": "https://github.com/gzukel/litecoin-automation " }, { "title": "", "trust": 0.1, "url": "https://github.com/d5n9smatrix/perltoc " }, { "title": "", "trust": 0.1, "url": "https://github.com/imhunterand/hackerone-publicy-disclosed " }, { "title": "snykout", "trust": 0.1, "url": "https://github.com/garethr/snykout " }, { "title": "myapp-container-jaxrs", "trust": 0.1, "url": "https://github.com/akiraabe/myapp-container-jaxrs " } ], "sources": [ { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "CNNVD", "id": "CNNVD-202006-145" } ] }, "problemtype_data": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-190", "trust": 1.1 }, { "problemtype": "CWE-787", "trust": 1.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/blob/blead/pod/perl5303delta.pod" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/compare/v5.30.2...v5.30.3" }, { "trust": 1.7, "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed" }, { "trust": 1.7, "url": "https://security.netapp.com/advisory/ntap-20200611-0001/" }, { "trust": 1.7, "url": "https://security.gentoo.org/glsa/202006-03" }, { "trust": 1.7, "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "trust": 1.7, "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html" }, { "trust": 1.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10543" }, { "trust": 1.0, "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.7, "url": 
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/in3ttbo5ksgwe5irikdj5jsqrh7annxe/" }, { "trust": 0.7, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-10878" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10543" }, { "trust": 0.6, "url": "https://access.redhat.com/security/cve/cve-2020-10878" }, { "trust": 0.6, "url": "https://bugzilla.redhat.com/):" }, { "trust": 0.6, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162650/red-hat-security-advisory-2021-1678-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161255/red-hat-security-advisory-2021-0343-01.html" }, { "trust": 0.6, "url": "https://www.ibm.com/blogs/psirt/security-bulletin-cloud-pak-for-security-contains-security-vulnerabilities/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1866" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1820" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072268" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1725" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021052031" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0371/" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2781" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1096" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021042131" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2180" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161656/red-hat-security-advisory-2021-0719-01.html" }, { "trust": 0.6, "url": "https://www.oracle.com/security-alerts/cpujul2021.html" }, { "trust": 0.6, "url": 
"https://www.ibm.com/blogs/psirt/security-bulletin-vulnerabilities-in-perl-affect-aix-cve-2020-10543-cve-2020-10878-and-cve-2020-12723/" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163188/red-hat-security-advisory-2021-2461-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161728/red-hat-security-advisory-2021-0780-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0925" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/158058/gentoo-linux-security-advisory-202006-03.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/161843/red-hat-security-advisory-2021-0883-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/159707/ubuntu-security-notice-usn-4602-1.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.1338" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021092220" }, { "trust": 0.6, "url": "https://www.cybersecurity-help.cz/vdb/sb2021072136" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2469" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162021/red-hat-security-advisory-2021-1032-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162245/red-hat-security-advisory-2021-1266-01.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0845" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.2604" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.0791" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162837/red-hat-security-advisory-2021-2136-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/162877/red-hat-security-advisory-2021-2121-01.html" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/163586/red-hat-security-advisory-2021-2792-01.html" }, { "trust": 0.6, "url": 
"https://packetstormsecurity.com/files/159726/ubuntu-security-notice-usn-4602-2.html" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/perl-core-buffer-overflow-via-nested-regular-expression-quantifiers-32365" }, { "trust": 0.5, "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.5, "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12723" }, { "trust": 0.3, "url": "https://access.redhat.com/articles/11258" }, { "trust": 0.3, "url": "https://access.redhat.com/security/team/key/" }, { "trust": 0.3, "url": "https://access.redhat.com/security/cve/cve-2020-12723" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25039" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8286" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28196" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-15358" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13434" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25037" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25037" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-13776" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24977" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8231" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-28935" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8285" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2019-25035" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2016-10228" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-14866" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26116" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25038" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-14866" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-26137" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25040" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29361" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24330" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25042" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25042" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-12362" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25038" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25036" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25032" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27619" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-25215" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-3177" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-9169" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24331" }, { "trust": 0.2, "url": 
"https://access.redhat.com/security/cve/cve-2021-3326" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25036" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25013" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25035" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2021-23336" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8927" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12362" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-29363" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-24332" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-3842" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25039" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2019-25040" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-2708" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2016-10228" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25041" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-8284" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-25034" }, { "trust": 0.2, "url": "https://access.redhat.com/security/cve/cve-2020-27618" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.4_release_notes/" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1678" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-15358" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21639" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12364" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-28165" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28092" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13776" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-27219" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-24330" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28163" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-13434" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2017-14502" }, { "trust": 0.1, "url": "https://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_mana" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21309" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21640" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-28918" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3501" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-8648" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27170" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25692" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-2433" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3347" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3114" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-28362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12364" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2461" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14347" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36322" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12114" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25712" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12114" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/updating/updating-cluster" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13543" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27835" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9951" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25704" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-36242" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-3121" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9948" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-13012" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-0431" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-16845" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14363" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-13584" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-18811" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-14360" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21645" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27783" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19528" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-12464" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14314" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25659" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14356" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21643" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-27786" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25643" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-9983" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-24394" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-0431" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-0342" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-18811" }, { "trust": 0.1, "url": "https://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-rel" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-30465" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14345" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14344" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2019-19523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14362" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21644" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14361" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2020-25285" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35508" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25212" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-19523" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-28974" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2121" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-15437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13012" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-25284" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-14346" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-11608" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:2122" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-11608" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-21642" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-12464" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4602-1" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/4602-2" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2020-35678" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#important" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20228" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3281" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20253" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20178" }, { "trust": 0.1, "url": "https://docs.ansible.com/ansible-tower/latest/html/upgrade-migration-guide/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20191" }, { "trust": 0.1, "url": 
"https://access.redhat.com/security/cve/cve-2021-3281" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20253" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20180" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20228" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0780" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2020-35678" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-20180" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2021-20178" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:1266" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/errata/rhsa-2021:0343" } ], "sources": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-163032" }, { "db": "VULMON", "id": "CVE-2020-10543" }, { "db": "PACKETSTORM", "id": "162650" }, { "db": "PACKETSTORM", "id": "163188" }, { "db": "PACKETSTORM", "id": "162877" }, { "db": "PACKETSTORM", "id": "159726" }, { "db": "PACKETSTORM", "id": "161728" }, { "db": "PACKETSTORM", "id": "162245" }, { "db": "PACKETSTORM", "id": "161255" }, { "db": "CNNVD", "id": "CNNVD-202006-145" }, { "db": "NVD", "id": "CVE-2020-10543" } ] }, "sources_release_date": { "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2020-06-05T00:00:00", "db": "VULHUB", "id": "VHN-163032" }, { "date": "2020-06-05T00:00:00", "db": "VULMON", "id": "CVE-2020-10543" }, { "date": "2021-05-19T14:04:40", "db": "PACKETSTORM", "id": "162650" }, { "date": "2021-06-17T17:53:22", "db": "PACKETSTORM", "id": "163188" }, { "date": "2021-06-01T14:45:29", "db": "PACKETSTORM", "id": "162877" }, { "date": "2020-10-27T16:58:55", "db": "PACKETSTORM", "id": "159726" }, { "date": "2021-03-09T16:26:05", "db": "PACKETSTORM", "id": "161728" }, { "date": "2021-04-20T16:17:10", "db": "PACKETSTORM", "id": "162245" }, { "date": "2021-02-02T16:12:23", "db": "PACKETSTORM", "id": "161255" }, { "date": "2020-06-02T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-145" }, { "date": "2020-06-05T14:15:10.467000", "db": "NVD", "id": "CVE-2020-10543" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2022-05-12T00:00:00", "db": "VULHUB", "id": "VHN-163032" }, { "date": "2023-11-07T00:00:00", "db": "VULMON", "id": "CVE-2020-10543" }, { "date": "2022-04-21T00:00:00", "db": "CNNVD", "id": "CNNVD-202006-145" }, { "date": "2023-11-07T03:14:10.297000", "db": "NVD", "id": "CVE-2020-10543" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "159726" }, { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Perl Input validation error vulnerability", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 0.6 
}, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation error", "sources": [ { "db": "CNNVD", "id": "CNNVD-202006-145" } ], "trust": 0.6 } }