cve-2010-1158
Vulnerability from cvelistv5
Published
2010-04-20 15:00
Modified
2024-08-07 01:14
Severity ?
Summary
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
References
secalert@redhat.comhttp://bugs.gentoo.org/show_bug.cgi?id=313565Exploit
secalert@redhat.comhttp://perldoc.perl.org/perl5100delta.html
secalert@redhat.comhttp://secunia.com/advisories/55314
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/04/08/9
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/04/14/3
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=580605
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=313565Exploit
af854a3a-2127-422b-91ae-364da2661108http://perldoc.perl.org/perl5100delta.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55314
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/04/08/9
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/04/14/3
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=580605
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:14:06.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"
          },
          {
            "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"
          },
          {
            "name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"
          },
          {
            "name": "55314",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/55314"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://perldoc.perl.org/perl5100delta.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-04-08T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-10-24T09:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"
        },
        {
          "name": "[oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"
        },
        {
          "name": "[oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"
        },
        {
          "name": "55314",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/55314"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://perldoc.perl.org/perl5100delta.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2010-1158",
    "datePublished": "2010-04-20T15:00:00",
    "dateReserved": "2010-03-29T00:00:00",
    "dateUpdated": "2024-08-07T01:14:06.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70CBBC87-F6F7-45AF-9B54-95402D03C75F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B34EA51-64A3-483A-AF99-01358F6BE8D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8E0DBA5-360F-463E-A840-365168A1FCC4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5EA80F25-A108-4B65-BE25-56DE17B930EB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ECB2B6E2-890E-4B6E-833F-DF40E6D77E22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53F0358E-0722-48A6-A2C6-470229602089\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A8DFDF97-EF44-448F-A5CA-021B2D64605F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E98D2706-99B7-4153-925B-77A8CECD7CFB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B10AD15E-6275-48AB-8757-FB5A735C82D9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\\u00f3n de servicio (consumo de la pila y ca\\u00edda de la aplicaci\\u00f3n) cotejando una expresi\\u00f3n regular modificada contra una cadena de texto extensa.\"}]",
      "id": "CVE-2010-1158",
      "lastModified": "2024-11-21T01:13:46.190",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 5.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 10.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2010-04-20T15:30:00.427",
      "references": "[{\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=313565\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://perldoc.perl.org/perl5100delta.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://secunia.com/advisories/55314\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2010/04/08/9\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2010/04/14/3\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=580605\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://bugs.gentoo.org/show_bug.cgi?id=313565\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://perldoc.perl.org/perl5100delta.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/55314\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2010/04/08/9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2010/04/14/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=580605\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.\", \"lastModified\": \"2010-04-22T00:00:00\"}]",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1158\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2010-04-20T15:30:00.427\",\"lastModified\":\"2024-11-21T01:13:46.190\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda de la aplicaci\u00f3n) cotejando una expresi\u00f3n regular modificada contra una cadena de texto extensa.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70CBBC87-F6F7-45AF-9B54-95402D03C75F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B34EA51-64A3-483A-AF99-01358F6BE8D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E0DBA5-360F-463E-A840-365168A1FCC4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5EA80F25-A108-4B65-BE25-56DE17B930EB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ECB2B6E2-890E-4B6E-833F-DF40E6D77E22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53F0358E-0722-48A6-A2C6-470229602089\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8DFDF97-EF44-448F-A5CA-021B2D64605F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E98D2706-99B7-4153-925B-77A8CECD7CFB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B10AD15E-6275-48AB-8757-FB5A735C82D9\"}]}]}],\"references\":[{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=313565\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://perldoc.perl.org/perl5100delta.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://secunia.com/advisories/55314\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/04/08/9\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/04/14/3\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=580605\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://bugs.gentoo.org/show_bug.cgi?id=313565\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://perldoc.perl.org/perl5100delta.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/55314\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/04/08/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2010/04/14/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=580605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.\",\"lastModified\":\"2010-04-22T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.