cve-2010-4777
Vulnerability from cvelistv5
Published
2014-02-10 17:00
Modified
2024-08-07 03:55
Severity ?
Summary
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
cve@mitre.orghttp://forums.ocsinventory-ng.org/viewtopic.php?id=7215
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=694166
cve@mitre.orghttps://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
cve@mitre.orghttps://rt.perl.org/Public/Bug/Display.html?id=76538
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
af854a3a-2127-422b-91ae-364da2661108http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=694166
af854a3a-2127-422b-91ae-364da2661108https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
af854a3a-2127-422b-91ae-364da2661108https://rt.perl.org/Public/Bug/Display.html?id=76538
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T03:55:35.106Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "SUSE-SR:2011:009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
          },
          {
            "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538"
          },
          {
            "name": "openSUSE-SU-2011:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2011-02-22T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-10T16:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "SUSE-SR:2011:009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
        },
        {
          "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538"
        },
        {
          "name": "openSUSE-SU-2011:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2010-4777",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "SUSE-SR:2011:009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
            },
            {
              "name": "[Postfixbuch-users] 20110222 proxy-reject: END-OF-MESSAGE: 451 4.3.0\tError: queue file write error",
              "refsource": "MLIST",
              "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=694166",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166"
            },
            {
              "name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836",
              "refsource": "MISC",
              "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836"
            },
            {
              "name": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215",
              "refsource": "MISC",
              "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"
            },
            {
              "name": "https://rt.perl.org/Public/Bug/Display.html?id=76538",
              "refsource": "CONFIRM",
              "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538"
            },
            {
              "name": "openSUSE-SU-2011:0479",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2010-4777",
    "datePublished": "2014-02-10T17:00:00",
    "dateReserved": "2011-03-28T00:00:00",
    "dateUpdated": "2024-08-07T03:55:35.106Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"777EC860-FB16-4B15-A8BE-3EAE9FD8A99D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8A968B30-8456-49C2-A9B0-6CF55CB3C7B4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n Perl_reg_numbered_buff_fetch en Perl 5.10.0, 5.12.0, 5.14.0 y otras versiones, cuando funciona con debugging activado, permite a atacantes dependientes de contexto causar una denegaci\\u00f3n de servicio (fallo de aserci\\u00f3n y cierre de la aplicaci\\u00f3n) a trav\\u00e9s de una entrada manipulada que no es manejada adecuadamente cuando hace uso de ciertas expresiones regulares, como se ha demostrado causando la ca\\u00edda de SpamAssassin y OCSInventory.\"}]",
      "id": "CVE-2010-4777",
      "lastModified": "2024-11-21T01:21:45.177",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:N/A:P\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-02-10T18:15:08.967",
      "references": "[{\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://forums.ocsinventory-ng.org/viewtopic.php?id=7215\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694166\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://rt.perl.org/Public/Bug/Display.html?id=76538\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://forums.ocsinventory-ng.org/viewtopic.php?id=7215\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=694166\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://rt.perl.org/Public/Bug/Display.html?id=76538\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-4777\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-02-10T18:15:08.967\",\"lastModified\":\"2024-11-21T01:21:45.177\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n Perl_reg_numbered_buff_fetch en Perl 5.10.0, 5.12.0, 5.14.0 y otras versiones, cuando funciona con debugging activado, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y cierre de la aplicaci\u00f3n) a trav\u00e9s de una entrada manipulada que no es manejada adecuadamente cuando hace uso de ciertas expresiones regulares, como se ha demostrado causando la ca\u00edda de SpamAssassin y OCSInventory.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"777EC860-FB16-4B15-A8BE-3EAE9FD8A99D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8A968B30-8456-49C2-A9B0-6CF55CB3C7B4\"}]}]}],\"references\":[{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://forums.ocsinventory-ng.org/viewtopic.php?id=7215\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694166\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://rt.perl.org/Public/Bug/Display.html?id=76538\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://forums.ocsinventory-ng.org/viewtopic.php?id=7215\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=694166\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://rt.perl.org/Public/Bug/Display.html?id=76538\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.