cve-2013-7422

Vulnerability from cvelistv5

Published

2015-08-16 23:00

Modified

2024-08-06 18:09

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Vendor Advisory
secalert@redhat.com	http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
secalert@redhat.com	http://www.securityfocus.com/bid/75704
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2916-1
secalert@redhat.com	https://security.gentoo.org/glsa/201507-11
secalert@redhat.com	https://support.apple.com/kb/HT205031	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75704
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2916-1
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201507-11
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT205031	Vendor Advisory

Impacted products

Vendor

Product

Version

▼

n/a

Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T18:09:16.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "APPLE-SA-2015-08-13-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
          },
          {
            "name": "GLSA-201507-11",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201507-11"
          },
          {
            "name": "USN-2916-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2916-1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "name": "75704",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75704"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "APPLE-SA-2015-08-13-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
        },
        {
          "name": "GLSA-201507-11",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201507-11"
        },
        {
          "name": "USN-2916-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2916-1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT205031"
        },
        {
          "name": "75704",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75704"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-7422",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06",
              "refsource": "CONFIRM",
              "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
            },
            {
              "name": "GLSA-201507-11",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201507-11"
            },
            {
              "name": "USN-2916-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2916-1"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT205031"
            },
            {
              "name": "75704",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/75704"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2013-7422",
    "datePublished": "2015-08-16T23:00:00",
    "dateReserved": "2015-01-27T00:00:00",
    "dateUpdated": "2024-08-06T18:09:16.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"10.10.4\", \"matchCriteriaId\": \"7883E465-932D-4C11-AA54-97E44181F906\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2C5E931F-85AB-4D99-BDC4-80C666187C26\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar c\\u00f3digo arbitrario o causar una denegaci\\u00f3n de servicio (ca\\u00edda de aplicaci\\u00f3n) a trav\\u00e9s de una cadena larga de d\\u00edgitos asociados con una referencia inversa no v\\u00e1lida dentro de una expresi\\u00f3n regular.\"}]",
      "id": "CVE-2013-7422",
      "lastModified": "2024-11-21T02:00:58.010",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2015-08-16T23:59:00.097",
      "references": "[{\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/75704\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2916-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/201507-11\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/75704\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2916-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/201507-11\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/kb/HT205031\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-189\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-7422\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-08-16T23:59:00.097\",\"lastModified\":\"2024-11-21T02:00:58.010\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena larga de d\u00edgitos asociados con una referencia inversa no v\u00e1lida dentro de una expresi\u00f3n regular.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-189\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.10.4\",\"matchCriteriaId\":\"7883E465-932D-4C11-AA54-97E44181F906\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2C5E931F-85AB-4D99-BDC4-80C666187C26\"}]}]}],\"references\":[{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/75704\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2916-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/201507-11\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/75704\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2916-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201507-11\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

ghsa-m7pj-qf68-j4wp

Vulnerability from github

Published

2022-05-17 03:21

Modified

2022-05-17 03:21

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-7422"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-08-16T23:59:00Z",
    "severity": "HIGH"
  },
  "details": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.",
  "id": "GHSA-m7pj-qf68-j4wp",
  "modified": "2022-05-17T03:21:00Z",
  "published": "2022-05-17T03:21:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7422"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201507-11"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75704"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2916-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Perl is prone to a denial-of-service vulnerability. Successful exploits will allow attackers to cause a denial-of-service condition. Apple OS X is a dedicated operating system developed by Apple for Mac computers. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006

OS X Yosemite v10.10.5 and Security Update 2015-006 is now available and addresses the following:

apache Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Apache 2.4.16, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in Apache versions prior to 2.4.16. These were addressed by updating Apache to version 2.4.16. CVE-ID CVE-2014-3581 CVE-2014-3583 CVE-2014-8109 CVE-2015-0228 CVE-2015-0253 CVE-2015-3183 CVE-2015-3185

apache_mod_php Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in PHP 5.5.20, the most serious of which may lead to arbitrary code execution. Description: Multiple vulnerabilities existed in PHP versions prior to 5.5.20. These were addressed by updating Apache to version 5.5.27. CVE-ID CVE-2015-2783 CVE-2015-2787 CVE-2015-3307 CVE-2015-3329 CVE-2015-3330 CVE-2015-4021 CVE-2015-4022 CVE-2015-4024 CVE-2015-4025 CVE-2015-4026 CVE-2015-4147 CVE-2015-4148

Apple ID OD Plug-in Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able change the password of a local user Description: In some circumstances, a state management issue existed in password authentication. The issue was addressed through improved state management. CVE-ID CVE-2015-3799 : an anonymous researcher working with HP's Zero Day Initiative

AppleGraphicsControl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in AppleGraphicsControl which could have led to the disclosure of kernel memory layout. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5768 : JieTao Yang of KeenTeam

Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOBluetoothHCIController. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3779 : Teddy Reed of Facebook Security

Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: A memory management issue could have led to the disclosure of kernel memory layout. This issue was addressed with improved memory management. CVE-ID CVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze Networks

Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious app may be able to access notifications from other iCloud devices Description: An issue existed where a malicious app could access a Bluetooth-paired Mac or iOS device's Notification Center notifications via the Apple Notification Center Service. The issue affected devices using Handoff and logged into the same iCloud account. This issue was resolved by revoking access to the Apple Notification Center Service. CVE-ID CVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security Lab (Indiana University), Tongxin Li (Peking University), XiaoFeng Wang (Indiana University)

Bluetooth Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with privileged network position may be able to perform denial of service attack using malformed Bluetooth packets Description: An input validation issue existed in parsing of Bluetooth ACL packets. This issue was addressed through improved input validation. These issues were addressed through improved bounds checking. CVE-ID CVE-2015-3777 : mitp0sh of [PDX]

bootp Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious Wi-Fi network may be able to determine networks a device has previously accessed Description: Upon connecting to a Wi-Fi network, iOS may have broadcast MAC addresses of previously accessed networks via the DNAv4 protocol. This issue was addressed through disabling DNAv4 on unencrypted Wi-Fi networks. CVE-ID CVE-2015-3778 : Piers O'Hanlon of Oxford Internet Institute, University of Oxford (on the EPSRC Being There project)

CloudKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access the iCloud user record of a previously signed in user Description: A state inconsistency existed in CloudKit when signing out users. This issue was addressed through improved state handling. CVE-ID CVE-2015-3782 : Deepkanwal Plaha of University of Toronto

CoreMedia Playback Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted movie file may lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in CoreMedia Playback. These were addressed through improved memory handling. CVE-ID CVE-2015-5777 : Apple CVE-2015-5778 : Apple

CoreText Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team

CoreText Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team

curl Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities in cURL and libcurl prior to 7.38.0, one of which may allow remote attackers to bypass the Same Origin Policy. Description: Multiple vulnerabilities existed in cURL and libcurl prior to 7.38.0. These issues were addressed by updating cURL to version 7.43.0. CVE-ID CVE-2014-3613 CVE-2014-3620 CVE-2014-3707 CVE-2014-8150 CVE-2014-8151 CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148 CVE-2015-3153

Data Detectors Engine Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a sequence of unicode characters can lead to an unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in processing of Unicode characters. These issues were addressed through improved memory handling. CVE-ID CVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)

Date & Time pref pane Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Applications that rely on system time may have unexpected behavior Description: An authorization issue existed when modifying the system date and time preferences. This issue was addressed with additional authorization checks. CVE-ID CVE-2015-3757 : Mark S C Smith

Dictionary Application Available for: OS X Yosemite v10.10 to v10.10.4 Impact: An attacker with a privileged network position may be able to intercept users' Dictionary app queries Description: An issue existed in the Dictionary app, which did not properly secure user communications. This issue was addressed by moving Dictionary queries to HTTPS. CVE-ID CVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security Team

DiskImages Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team

dyld Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed in dyld. This was addressed through improved environment sanitization. CVE-ID CVE-2015-3760 : beist of grayhash, Stefan Esser

FontParser Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted font file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of font files. This issue was addressed through improved input validation. CVE-ID CVE-2015-3804 : Apple CVE-2015-5775 : Apple

groff Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple issues in pdfroff Description: Multiple issues existed in pdfroff, the most serious of which may allow arbitrary filesystem modification. These issues were addressed by removing pdfroff. CVE-ID CVE-2009-5044 CVE-2009-5078

ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted TIFF image may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the processing of TIFF images. This issue was addressed through improved bounds checking. CVE-ID CVE-2015-5758 : Apple

ImageIO Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Visiting a maliciously crafted website may result in the disclosure of process memory Description: An uninitialized memory access issue existed in ImageIO's handling of PNG and TIFF images. Visiting a malicious website may result in sending data from process memory to the website. This issue is addressed through improved memory initialization and additional validation of PNG and TIFF images. CVE-ID CVE-2015-5781 : Michal Zalewski CVE-2015-5782 : Michal Zalewski

Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with root privileges Description: An issue existed in how Install.framework's 'runner' binary dropped privileges. This issue was addressed through improved privilege management. CVE-ID CVE-2015-5784 : Ian Beer of Google Project Zero

Install Framework Legacy Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A race condition existed in Install.framework's 'runner' binary that resulted in privileges being incorrectly dropped. This issue was addressed through improved object locking. CVE-ID CVE-2015-5754 : Ian Beer of Google Project Zero

IOFireWireFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: Memory corruption issues existed in IOFireWireFamily. These issues were addressed through additional type input validation. CVE-ID CVE-2015-3769 : Ilja van Sprundel CVE-2015-3771 : Ilja van Sprundel CVE-2015-3772 : Ilja van Sprundel

IOGraphics Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in IOGraphics. This issue was addressed through additional type input validation. CVE-ID CVE-2015-3770 : Ilja van Sprundel CVE-2015-5783 : Ilja van Sprundel

IOHIDFamily Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A buffer overflow issue existed in IOHIDFamily. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5774 : TaiG Jailbreak Team

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to determine kernel memory layout Description: An issue existed in the mach_port_space_info interface, which could have led to the disclosure of kernel memory layout. This was addressed by disabling the mach_port_space_info interface. This issue was addressed through improved validation of IOKit API arguments. CVE-ID CVE-2015-3768 : Ilja van Sprundel

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A resource exhaustion issue existed in the fasttrap driver. This was addressed through improved memory handling. CVE-ID CVE-2015-5747 : Maxime VILLARD of m00nbsd

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to cause a system denial of service Description: A validation issue existed in the mounting of HFS volumes. This was addressed by adding additional checks. CVE-ID CVE-2015-5748 : Maxime VILLARD of m00nbsd

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute unsigned code Description: An issue existed that allowed unsigned code to be appended to signed code in a specially crafted executable file. This issue was addressed through improved code signature validation. CVE-ID CVE-2015-3806 : TaiG Jailbreak Team

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A specially crafted executable file could allow unsigned, malicious code to execute Description: An issue existed in the way multi-architecture executable files were evaluated that could have allowed unsigned code to be executed. This issue was addressed through improved validation of executable files. CVE-ID CVE-2015-3803 : TaiG Jailbreak Team

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute unsigned code Description: A validation issue existed in the handling of Mach-O files. This was addressed by adding additional checks. CVE-ID CVE-2015-3802 : TaiG Jailbreak Team CVE-2015-3805 : TaiG Jailbreak Team

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted plist may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption existed in processing of malformed plists. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein (@jollyjinx) of Jinx Germany

Kernel Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A path validation issue existed. This was addressed through improved environment sanitization. These were addressed through improved memory handling. CVE-ID CVE-2015-3796 : Ian Beer of Google Project Zero CVE-2015-3797 : Ian Beer of Google Project Zero CVE-2015-3798 : Ian Beer of Google Project Zero

Libinfo Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: Memory corruption issues existed in handling AF_INET6 sockets. These were addressed by improved memory handling. This issue was addressed through improved lock state checking. CVE-ID CVE-2015-5757 : Lufeng Li of Qihoo 360

libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2, the most serious of which may allow a remote attacker to cause a denial of service Description: Multiple vulnerabilities existed in libxml2 versions prior to 2.9.2. These were addressed by updating libxml2 to version 2.9.2. CVE-ID CVE-2012-6685 : Felix Groebert of Google CVE-2014-0191 : Felix Groebert of Google

libxml2 Available for: OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory access issue existed in libxml2. This was addressed by improved memory handling CVE-ID CVE-2014-3660 : Felix Groebert of Google

libxml2 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML document may lead to disclosure of user information Description: A memory corruption issue existed in parsing of XML files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3807 : Apple

libxpc Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in handling of malformed XPC messages. This issue was improved through improved bounds checking. CVE-ID CVE-2015-3795 : Mathew Rowley

mail_cmds Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary shell commands Description: A validation issue existed in the mailx parsing of email addresses. This was addressed by improved sanitization. CVE-ID CVE-2014-7844

Notification Center OSX Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A malicious application may be able to access all notifications previously displayed to users Description: An issue existed in Notification Center, which did not properly delete user notifications. This issue was addressed by correctly deleting notifications dismissed by users. CVE-ID CVE-2015-3764 : Jonathan Zdziarski

ntfs Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A local user may be able to execute arbitrary code with system privileges Description: A memory corruption issue existed in NTFS. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze Networks

OpenSSH Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Remote attackers may be able to circumvent a time delay for failed login attempts and conduct brute-force attacks Description: An issue existed when processing keyboard-interactive devices. This issue was addressed through improved authentication request validation. CVE-ID CVE-2015-5600

OpenSSL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in OpenSSL versions prior to 0.9.8zg. These were addressed by updating OpenSSL to version 0.9.8zg. This issue was addressed through improved memory handling. CVE-ID CVE-2013-7422

PostgreSQL Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: An attacker may be able to cause unexpected application termination or gain access to data without proper authentication Description: Multiple issues existed in PostgreSQL 9.2.4. These issues were addressed by updating PostgreSQL to 9.2.13. CVE-ID CVE-2014-0067 CVE-2014-8161 CVE-2015-0241 CVE-2015-0242 CVE-2015-0243 CVE-2015-0244

python Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in Python 2.7.6, the most serious of which may lead to arbitrary code execution Description: Multiple vulnerabilities existed in Python versions prior to 2.7.6. These were addressed by updating Python to version 2.7.10. CVE-ID CVE-2013-7040 CVE-2013-7338 CVE-2014-1912 CVE-2014-7185 CVE-2014-9365

QL Office Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted Office document may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of Office documents. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5773 : Apple

QL Office Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted XML file may lead to disclosure of user information Description: An external entity reference issue existed in XML file parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3784 : Bruno Morisson of INTEGRITY S.A.

Quartz Composer Framework Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted QuickTime file may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in parsing of QuickTime files. This issue was addressed through improved memory handling. CVE-ID CVE-2015-5771 : Apple

Quick Look Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Searching for a previously viewed website may launch the web browser and render that website Description: An issue existed where QuickLook had the capability to execute JavaScript. The issue was addressed by disallowing execution of JavaScript. CVE-ID CVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole

QuickTime 7 Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution Description: Multiple memory corruption issues existed in QuickTime. These issues were addressed through improved memory handling. CVE-ID CVE-2015-3765 : Joe Burnett of Audio Poison CVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos CVE-2015-5751 : WalkerFuz

SceneKit Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Viewing a maliciously crafted Collada file may lead to arbitrary code execution Description: A heap buffer overflow existed in SceneKit's handling of Collada files. This issue was addressed through improved input validation. CVE-ID CVE-2015-5772 : Apple

SceneKit Available for: OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5, OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in SceneKit. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3783 : Haris Andrianakis of Google Security Team

Security Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A standard user may be able to gain access to admin privileges without proper authentication Description: An issue existed in handling of user authentication. This issue was addressed through improved authentication checks. CVE-ID CVE-2015-3775 : [Eldon Ahrold]

SMBClient Available for: OS X Yosemite v10.10 to v10.10.4 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in the SMB client. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3773 : Ilja van Sprundel

Speech UI Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted unicode string with speech alerts enabled may lead to an unexpected application termination or arbitrary code execution Description: A memory corruption issue existed in handling of Unicode strings. This issue was addressed by improved memory handling. CVE-ID CVE-2015-3794 : Adam Greenbaum of Refinitive

sudo Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9, the most serious of which may allow an attacker access to arbitrary files Description: Multiple vulnerabilities existed in sudo versions prior to 1.7.10p9. These were addressed by updating sudo to version 1.7.10p9. CVE-ID CVE-2013-1775 CVE-2013-1776 CVE-2013-2776 CVE-2013-2777 CVE-2014-0106 CVE-2014-9680

tcpdump Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Multiple vulnerabilities existed in tcpdump 4.7.3, the most serious of which may allow a remote attacker to cause a denial of service. Description: Multiple vulnerabilities existed in tcpdump versions prior to 4.7.3. These were addressed by updating tcpdump to version 4.7.3. CVE-ID CVE-2014-8767 CVE-2014-8769 CVE-2014-9140

Text Formats Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Parsing a maliciously crafted text file may lead to disclosure of user information Description: An XML external entity reference issue existed with TextEdit parsing. This issue was addressed through improved parsing. CVE-ID CVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team

udf Available for: OS X Yosemite v10.10 to v10.10.4 Impact: Processing a maliciously crafted DMG file may lead to an unexpected application termination or arbitrary code execution with system privileges Description: A memory corruption issue existed in parsing of malformed DMG images. This issue was addressed through improved memory handling. CVE-ID CVE-2015-3767 : beist of grayhash

OS X Yosemite v10.10.5 includes the security content of Safari 8.0.8: https://support.apple.com/en-us/HT205033

OS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained from the Mac App Store or Apple's Software Downloads web site: http://www.apple.com/support/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4 Y2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6 +PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR 2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev QpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k fu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR A8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz xjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7 AeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF sfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW c5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB msu6gVP8uZhFYNb8byVJ =+0e/ -----END PGP SIGNATURE----- . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201507-11

                                       https://security.gentoo.org/

Severity: Normal Title: Perl: Denial of Service Date: July 10, 2015 Bugs: #216671 ID: 201507-11

Synopsis

A vulnerability in Perl allows a remote attacker to cause Denial of Service.

Background

Perl is a highly capable, feature-rich programming language.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 dev-lang/perl < 5.20.1-r4 >= 5.20.1-r4

Description

S_regmatch() function lacks proper checks before passing arguments to atoi()

Impact

A remote attacker could send a specially crafted input, possibly resulting in a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Perl users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.20.1-r4"

References

[ 1 ] CVE-2013-7422 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7422

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/201507-11

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5 . ============================================================================ Ubuntu Security Notice USN-2916-1 March 02, 2016

perl vulnerabilities

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 15.10
Ubuntu 14.04 LTS
Ubuntu 12.04 LTS

Summary:

Several security issues were fixed in Perl.

Software Description: - perl: Practical Extraction and Report Language

Details:

It was discovered that Perl incorrectly handled certain regular expressions with an invalid backreference. (CVE-2013-7422)

Markus Vervier discovered that Perl incorrectly handled nesting in the Data::Dumper module. (CVE-2014-4330)

Stephane Chazelas discovered that Perl incorrectly handled duplicate environment variables. An attacker could possibly use this issue to bypass the taint protection mechanism. (CVE-2016-2381)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.10: perl 5.20.2-6ubuntu0.2

Ubuntu 14.04 LTS: perl 5.18.2-2ubuntu1.1

Ubuntu 12.04 LTS: perl 5.14.2-6ubuntu2.5

In general, a standard system update will make all the necessary changes.

References: http://www.ubuntu.com/usn/usn-2916-1 CVE-2013-7422, CVE-2014-4330, CVE-2016-2381

Package Information: https://launchpad.net/ubuntu/+source/perl/5.20.2-6ubuntu0.2 https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.1 https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.5

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201508-0153",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "perl",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "perl",
        "version": "5.18.4"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.10.4"
      },
      {
        "model": "perl",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "the perl",
        "version": "5.20"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apple",
        "version": "10.10 to  10.10.4"
      },
      {
        "model": "perl",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "perl",
        "version": "5.19.4"
      },
      {
        "model": "linux",
        "scope": null,
        "trust": 0.3,
        "vendor": "gentoo",
        "version": null
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.4"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.3"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.2"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.1"
      },
      {
        "model": "mac os",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10"
      },
      {
        "model": "perl",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "perl",
        "version": "5.19.5"
      },
      {
        "model": "mac os",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apple",
        "version": "x10.10.5"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "75704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "andrewn [at] locus.net",
    "sources": [
      {
        "db": "BID",
        "id": "75704"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-7422",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2013-7422",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "VHN-67424",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-7422",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201507-675",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-67424",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression. Perl is prone to a denial-of-service vulnerability. \nSuccessful exploits will allow attackers to cause a denial-of-service condition. Apple OS X is a dedicated operating system developed by Apple for Mac computers. Perl is a free and powerful cross-platform programming language developed by American programmer Larry Wall. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update\n2015-006\n\nOS X Yosemite v10.10.5 and Security Update 2015-006 is now available\nand addresses the following:\n\napache\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in Apache 2.4.16, the most\nserious of which may allow a remote attacker to cause a denial of\nservice. \nDescription:  Multiple vulnerabilities existed in Apache versions\nprior to 2.4.16. These were addressed by updating Apache to version\n2.4.16. \nCVE-ID\nCVE-2014-3581\nCVE-2014-3583\nCVE-2014-8109\nCVE-2015-0228\nCVE-2015-0253\nCVE-2015-3183\nCVE-2015-3185\n\napache_mod_php\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in PHP 5.5.20, the most\nserious of which may lead to arbitrary code execution. \nDescription:  Multiple vulnerabilities existed in PHP versions prior\nto 5.5.20. These were addressed by updating Apache to version 5.5.27. \nCVE-ID\nCVE-2015-2783\nCVE-2015-2787\nCVE-2015-3307\nCVE-2015-3329\nCVE-2015-3330\nCVE-2015-4021\nCVE-2015-4022\nCVE-2015-4024\nCVE-2015-4025\nCVE-2015-4026\nCVE-2015-4147\nCVE-2015-4148\n\nApple ID OD Plug-in\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able change the password of a\nlocal user\nDescription:  In some circumstances, a state management issue existed\nin password authentication. The issue was addressed through improved\nstate management. \nCVE-ID\nCVE-2015-3799 : an anonymous researcher working with HP\u0027s Zero Day\nInitiative\n\nAppleGraphicsControl\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in AppleGraphicsControl which could\nhave led to the disclosure of kernel memory layout. This issue was\naddressed through improved bounds checking. \nCVE-ID\nCVE-2015-5768 : JieTao Yang of KeenTeam\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in\nIOBluetoothHCIController. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3779 : Teddy Reed of Facebook Security\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  A memory management issue could have led to the\ndisclosure of kernel memory layout. This issue was addressed with\nimproved memory management. \nCVE-ID\nCVE-2015-3780 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious app may be able to access notifications from\nother iCloud devices\nDescription:  An issue existed where a malicious app could access a\nBluetooth-paired Mac or iOS device\u0027s Notification Center\nnotifications via the Apple Notification Center Service. The issue\naffected devices using Handoff and logged into the same iCloud\naccount. This issue was resolved by revoking access to the Apple\nNotification Center Service. \nCVE-ID\nCVE-2015-3786 : Xiaolong Bai (Tsinghua University), System Security\nLab (Indiana University), Tongxin Li (Peking University), XiaoFeng\nWang (Indiana University)\n\nBluetooth\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  An attacker with privileged network position may be able to\nperform denial of service attack using malformed Bluetooth packets\nDescription:  An input validation issue existed in parsing of\nBluetooth ACL packets. This issue was addressed through improved\ninput validation. These issues were addressed through\nimproved bounds checking. \nCVE-ID\nCVE-2015-3777 : mitp0sh of [PDX]\n\nbootp\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious Wi-Fi network may be able to determine networks\na device has previously accessed\nDescription:  Upon connecting to a Wi-Fi network, iOS may have\nbroadcast MAC addresses of previously accessed networks via the DNAv4\nprotocol. This issue was addressed through disabling DNAv4 on\nunencrypted Wi-Fi networks. \nCVE-ID\nCVE-2015-3778 : Piers O\u0027Hanlon of Oxford Internet Institute,\nUniversity of Oxford (on the EPSRC Being There project)\n\nCloudKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to access the iCloud\nuser record of a previously signed in user\nDescription:  A state inconsistency existed in CloudKit when signing\nout users. This issue was addressed through improved state handling. \nCVE-ID\nCVE-2015-3782 : Deepkanwal Plaha of University of Toronto\n\nCoreMedia Playback\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Viewing a maliciously crafted movie file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Memory corruption issues existed in CoreMedia Playback. \nThese were addressed through improved memory handling. \nCVE-ID\nCVE-2015-5777 : Apple\nCVE-2015-5778 : Apple\n\nCoreText\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5761 : John Villamil (@day6reak), Yahoo Pentest Team\n\nCoreText\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5755 : John Villamil (@day6reak), Yahoo Pentest Team\n\ncurl\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities in cURL and libcurl prior to\n7.38.0, one of which may allow remote attackers to bypass the Same\nOrigin Policy. \nDescription:  Multiple vulnerabilities existed in cURL and libcurl\nprior to 7.38.0. These issues were addressed by updating cURL to\nversion 7.43.0. \nCVE-ID\nCVE-2014-3613\nCVE-2014-3620\nCVE-2014-3707\nCVE-2014-8150\nCVE-2014-8151\nCVE-2015-3143\nCVE-2015-3144\nCVE-2015-3145\nCVE-2015-3148\nCVE-2015-3153\n\nData Detectors Engine\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a sequence of unicode characters can lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Memory corruption issues existed in processing of\nUnicode characters. These issues were addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-5750 : M1x7e1 of Safeye Team (www.safeye.org)\n\nDate \u0026 Time pref pane\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Applications that rely on system time may have unexpected\nbehavior\nDescription:  An authorization issue existed when modifying the\nsystem date and time preferences. This issue was addressed with\nadditional authorization checks. \nCVE-ID\nCVE-2015-3757 : Mark S C Smith\n\nDictionary Application\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  An attacker with a privileged network position may be able\nto intercept users\u0027 Dictionary app queries\nDescription:  An issue existed in the Dictionary app, which did not\nproperly secure user communications. This issue was addressed by\nmoving Dictionary queries to HTTPS. \nCVE-ID\nCVE-2015-3774 : Jeffrey Paul of EEQJ, Jan Bee of the Google Security\nTeam\n\nDiskImages\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted DMG file may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription:  A memory corruption issue existed in parsing of\nmalformed DMG images. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3800 : Frank Graziano of the Yahoo Pentest Team\n\ndyld\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A path validation issue existed in dyld. This was\naddressed through improved environment sanitization. \nCVE-ID\nCVE-2015-3760 : beist of grayhash, Stefan Esser\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-3804 : Apple\nCVE-2015-5775 : Apple\n\nFontParser\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted font file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nfont files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5756 : John Villamil (@day6reak), Yahoo Pentest Team\n\ngroff\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple issues in pdfroff\nDescription:  Multiple issues existed in pdfroff, the most serious of\nwhich may allow arbitrary filesystem modification. These issues were\naddressed by removing pdfroff. \nCVE-ID\nCVE-2009-5044\nCVE-2009-5078\n\nImageIO\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted TIFF image may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the processing of\nTIFF images. This issue was addressed through improved bounds\nchecking. \nCVE-ID\nCVE-2015-5758 : Apple\n\nImageIO\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Visiting a maliciously crafted website may result in the\ndisclosure of process memory\nDescription:  An uninitialized memory access issue existed in\nImageIO\u0027s handling of PNG and TIFF images. Visiting a malicious\nwebsite may result in sending data from process memory to the\nwebsite. This issue is addressed through improved memory\ninitialization and additional validation of PNG and TIFF images. \nCVE-ID\nCVE-2015-5781 : Michal Zalewski\nCVE-2015-5782 : Michal Zalewski\n\nInstall Framework Legacy\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with root privileges\nDescription:  An issue existed in how Install.framework\u0027s \u0027runner\u0027\nbinary dropped privileges. This issue was addressed through improved\nprivilege management. \nCVE-ID\nCVE-2015-5784 : Ian Beer of Google Project Zero\n\nInstall Framework Legacy\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A race condition existed in\nInstall.framework\u0027s \u0027runner\u0027 binary that resulted in\nprivileges being incorrectly dropped. This issue was addressed\nthrough improved object locking. \nCVE-ID\nCVE-2015-5754 : Ian Beer of Google Project Zero\n\nIOFireWireFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  Memory corruption issues existed in IOFireWireFamily. \nThese issues were addressed through additional type input validation. \nCVE-ID\nCVE-2015-3769 : Ilja van Sprundel\nCVE-2015-3771 : Ilja van Sprundel\nCVE-2015-3772 : Ilja van Sprundel\n\nIOGraphics\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in IOGraphics. This\nissue was addressed through additional type input validation. \nCVE-ID\nCVE-2015-3770 : Ilja van Sprundel\nCVE-2015-5783 : Ilja van Sprundel\n\nIOHIDFamily\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A buffer overflow issue existed in IOHIDFamily. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5774 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to determine kernel\nmemory layout\nDescription:  An issue existed in the mach_port_space_info interface,\nwhich could have led to the disclosure of kernel memory layout. This\nwas addressed by disabling the mach_port_space_info interface. This issue was addressed through improved validation of\nIOKit API arguments. \nCVE-ID\nCVE-2015-3768 : Ilja van Sprundel\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A resource exhaustion issue existed in the fasttrap\ndriver. This was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5747 : Maxime VILLARD of m00nbsd\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to cause a system denial of service\nDescription:  A validation issue existed in the mounting of HFS\nvolumes. This was addressed by adding additional checks. \nCVE-ID\nCVE-2015-5748 : Maxime VILLARD of m00nbsd\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute unsigned code\nDescription:  An issue existed that allowed unsigned code to be\nappended to signed code in a specially crafted executable file. This\nissue was addressed through improved code signature validation. \nCVE-ID\nCVE-2015-3806 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A specially crafted executable file could allow unsigned,\nmalicious code to execute\nDescription:  An issue existed in the way multi-architecture\nexecutable files were evaluated that could have allowed unsigned code\nto be executed. This issue was addressed through improved validation\nof executable files. \nCVE-ID\nCVE-2015-3803 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute unsigned code\nDescription:  A validation issue existed in the handling of Mach-O\nfiles. This was addressed by adding additional checks. \nCVE-ID\nCVE-2015-3802 : TaiG Jailbreak Team\nCVE-2015-3805 : TaiG Jailbreak Team\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted plist may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription:  A memory corruption existed in processing of malformed\nplists. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3776 : Teddy Reed of Facebook Security, Patrick Stein\n(@jollyjinx) of Jinx Germany\n\nKernel\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A path validation issue existed. This was addressed\nthrough improved environment sanitization. \nThese were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3796 : Ian Beer of Google Project Zero\nCVE-2015-3797 : Ian Beer of Google Project Zero\nCVE-2015-3798 : Ian Beer of Google Project Zero\n\nLibinfo\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  Memory corruption issues existed in handling AF_INET6\nsockets. These were addressed by improved memory handling. \nThis issue was addressed through improved lock state checking. \nCVE-ID\nCVE-2015-5757 : Lufeng Li of Qihoo 360\n\nlibxml2\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in libxml2 versions prior\nto 2.9.2, the most serious of which may allow a remote attacker to\ncause a denial of service\nDescription:  Multiple vulnerabilities existed in libxml2 versions\nprior to 2.9.2. These were addressed by updating libxml2 to version\n2.9.2. \nCVE-ID\nCVE-2012-6685 : Felix Groebert of Google\nCVE-2014-0191 : Felix Groebert of Google\n\nlibxml2\nAvailable for:  OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory access issue existed in libxml2. This was\naddressed by improved memory handling\nCVE-ID\nCVE-2014-3660 : Felix Groebert of Google\n\nlibxml2\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted XML document may lead to\ndisclosure of user information\nDescription:  A memory corruption issue existed in parsing of XML\nfiles. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3807 : Apple\n\nlibxpc\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to execute arbitrary\ncode with system privileges\nDescription:  A memory corruption issue existed in handling of\nmalformed XPC messages. This issue was improved through improved\nbounds checking. \nCVE-ID\nCVE-2015-3795 : Mathew Rowley\n\nmail_cmds\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary shell commands\nDescription:  A validation issue existed in the mailx parsing of\nemail addresses. This was addressed by improved sanitization. \nCVE-ID\nCVE-2014-7844\n\nNotification Center OSX\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A malicious application may be able to access all\nnotifications previously displayed to users\nDescription:  An issue existed in Notification Center, which did not\nproperly delete user notifications. This issue was addressed by\ncorrectly deleting notifications dismissed by users. \nCVE-ID\nCVE-2015-3764 : Jonathan Zdziarski\n\nntfs\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A local user may be able to execute arbitrary code with\nsystem privileges\nDescription:  A memory corruption issue existed in NTFS. This issue\nwas addressed through improved memory handling. \nCVE-ID\nCVE-2015-5763 : Roberto Paleari and Aristide Fattori of Emaze\nNetworks\n\nOpenSSH\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Remote attackers may be able to circumvent a time delay for\nfailed login attempts and conduct brute-force attacks\nDescription:  An issue existed when processing keyboard-interactive\ndevices. This issue was addressed through improved authentication\nrequest validation. \nCVE-ID\nCVE-2015-5600\n\nOpenSSL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in OpenSSL versions prior\nto 0.9.8zg, the most serious of which may allow a remote attacker to\ncause a denial of service. \nDescription:  Multiple vulnerabilities existed in OpenSSL versions\nprior to 0.9.8zg. These were addressed by updating OpenSSL to version\n0.9.8zg. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2013-7422\n\nPostgreSQL\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  An attacker may be able to cause unexpected application\ntermination or gain access to data without proper authentication\nDescription:  Multiple issues existed in PostgreSQL 9.2.4. These\nissues were addressed by updating PostgreSQL to 9.2.13. \nCVE-ID\nCVE-2014-0067\nCVE-2014-8161\nCVE-2015-0241\nCVE-2015-0242\nCVE-2015-0243\nCVE-2015-0244\n\npython\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in Python 2.7.6, the most\nserious of which may lead to arbitrary code execution\nDescription:  Multiple vulnerabilities existed in Python versions\nprior to 2.7.6. These were addressed by updating Python to version\n2.7.10. \nCVE-ID\nCVE-2013-7040\nCVE-2013-7338\nCVE-2014-1912\nCVE-2014-7185\nCVE-2014-9365\n\nQL Office\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted Office document may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in parsing of Office\ndocuments. This issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-5773 : Apple\n\nQL Office\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted XML file may lead to\ndisclosure of user information\nDescription:  An external entity reference issue existed in XML file\nparsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-3784 : Bruno Morisson of INTEGRITY S.A. \n\nQuartz Composer Framework\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted QuickTime file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  A memory corruption issue existed in parsing of\nQuickTime files. This issue was addressed through improved memory\nhandling. \nCVE-ID\nCVE-2015-5771 : Apple\n\nQuick Look\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Searching for a previously viewed website may launch the web\nbrowser and render that website\nDescription:  An issue existed where QuickLook had the capability to\nexecute JavaScript. The issue was addressed by disallowing execution\nof JavaScript. \nCVE-ID\nCVE-2015-3781 : Andrew Pouliot of Facebook, Anto Loyola of Qubole\n\nQuickTime 7\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3772\nCVE-2015-3779\nCVE-2015-5753 : Apple\nCVE-2015-5779 : Apple\n\nQuickTime 7\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted file may lead to an\nunexpected application termination or arbitrary code execution\nDescription:  Multiple memory corruption issues existed in QuickTime. \nThese issues were addressed through improved memory handling. \nCVE-ID\nCVE-2015-3765 : Joe Burnett of Audio Poison\nCVE-2015-3788 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3789 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3790 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3791 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-3792 : Ryan Pentney and Richard Johnson of Cisco Talos\nCVE-2015-5751 : WalkerFuz\n\nSceneKit\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Viewing a maliciously crafted Collada file may lead to\narbitrary code execution\nDescription:  A heap buffer overflow existed in SceneKit\u0027s handling\nof Collada files. This issue was addressed through improved input\nvalidation. \nCVE-ID\nCVE-2015-5772 : Apple\n\nSceneKit\nAvailable for:  OS X Mountain Lion v10.8.5, OS X Mavericks v10.9.5,\nOS X Yosemite v10.10 to v10.10.4\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  A memory corruption issue existed in SceneKit. This\nissue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3783 : Haris Andrianakis of Google Security Team\n\nSecurity\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A standard user may be able to gain access to admin\nprivileges without proper authentication\nDescription:  An issue existed in handling of user authentication. \nThis issue was addressed through improved authentication checks. \nCVE-ID\nCVE-2015-3775 : [Eldon Ahrold]\n\nSMBClient\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  A remote attacker may be able to cause unexpected\napplication termination or arbitrary code execution\nDescription:  A memory corruption issue existed in the SMB client. \nThis issue was addressed through improved memory handling. \nCVE-ID\nCVE-2015-3773 : Ilja van Sprundel\n\nSpeech UI\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted unicode string with speech\nalerts enabled may lead to an unexpected application termination or\narbitrary code execution\nDescription:  A memory corruption issue existed in handling of\nUnicode strings. This issue was addressed by improved memory\nhandling. \nCVE-ID\nCVE-2015-3794 : Adam Greenbaum of Refinitive\n\nsudo\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in sudo versions prior to\n1.7.10p9, the most serious of which may allow an attacker access to\narbitrary files\nDescription:  Multiple vulnerabilities existed in sudo versions prior\nto 1.7.10p9. These were addressed by updating sudo to version\n1.7.10p9. \nCVE-ID\nCVE-2013-1775\nCVE-2013-1776\nCVE-2013-2776\nCVE-2013-2777\nCVE-2014-0106\nCVE-2014-9680\n\ntcpdump\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Multiple vulnerabilities existed in tcpdump 4.7.3, the most\nserious of which may allow a remote attacker to cause a denial of\nservice. \nDescription:  Multiple vulnerabilities existed in tcpdump versions\nprior to 4.7.3. These were addressed by updating tcpdump to version\n4.7.3. \nCVE-ID\nCVE-2014-8767\nCVE-2014-8769\nCVE-2014-9140\n\nText Formats\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Parsing a maliciously crafted text file may lead to\ndisclosure of user information\nDescription:  An XML external entity reference issue existed with\nTextEdit parsing. This issue was addressed through improved parsing. \nCVE-ID\nCVE-2015-3762 : Xiaoyong Wu of the Evernote Security Team\n\nudf\nAvailable for:  OS X Yosemite v10.10 to v10.10.4\nImpact:  Processing a maliciously crafted DMG file may lead to an\nunexpected application termination or arbitrary code execution with\nsystem privileges\nDescription:  A memory corruption issue existed in parsing of\nmalformed DMG images. This issue was addressed through improved\nmemory handling. \nCVE-ID\nCVE-2015-3767 : beist of grayhash\n\nOS X Yosemite v10.10.5 includes the security content of Safari 8.0.8:\nhttps://support.apple.com/en-us/HT205033\n\nOS X Yosemite 10.10.5 and Security Update 2015-006 may be obtained\nfrom the Mac App Store or Apple\u0027s Software Downloads web site:\nhttp://www.apple.com/support/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n\n\n-----BEGIN PGP SIGNATURE-----\n\niQIcBAEBCAAGBQJVzM3+AAoJEBcWfLTuOo7tx/YP/RTsUUx0UTk7rXj6AEcHmiR4\nY2xTUOXqRmxhieSbsGK9laKL5++lIzkGh5RC7oYag0+OgWtZz+EU/EtdoEJmGNJ6\n+PgoEnizYdKhO1kos1KCHOwG6UFCqoeEm6Icm33nVUqWp7uAmhVRMRxtMJEScLSR\n2LpsK0grIhFXtJGqu053TSKSCa1UTab8XWteZTT84uFGMSKbAFONj5CPIrR6+uev\nQpVTwrnskPDBOXJwGhjypvIBTbt2aa1wjCukOAWFHwf7Pma/QUdhKRkUK4vAb9/k\nfu2t2fBOvSMguJHRO+340NsQR9LvmdruBeAyNUH64srF1jtbAg0QnvZsPyO5aIyR\nA8WrzHl3oIc0II0y7VpI+3o0J3Nn03EcBPtIKeoeyznnjNziDm72HPI2d2+5ZSRz\nxjAd4Nmw+dgGq+UMkusIXgtRK4HcEpwzfImf3zqnKHakSncnFPhGKyNEgn8bK9a7\nAeAvSqMXXsJg8weHUF2NLnAn/42k2wIE8d5BOLaIy13xz6MJn7VUI21pK0zCaGBF\nsfkRFZP0eEVh8ZzU/nWp9E5KDpbsd72biJwvjWH4OrmkfzUWxStQiVwPTxtZD9LW\nc5ZWe+vqZJV9eYRH2hAOMPaYkOQ5Z4DySNVVOFAG0eq9til8+V0k3L7ipIVd2XUB\nmsu6gVP8uZhFYNb8byVJ\n=+0e/\n-----END PGP SIGNATURE-----\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 201507-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Perl: Denial of Service\n     Date: July 10, 2015\n     Bugs: #216671\n       ID: 201507-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nA vulnerability in Perl allows a remote attacker to cause Denial of\nService. \n\nBackground\n==========\n\nPerl is a highly capable, feature-rich programming language. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  dev-lang/perl              \u003c 5.20.1-r4              \u003e= 5.20.1-r4 \n\nDescription\n===========\n\nS_regmatch() function lacks proper checks before passing arguments to\natoi()\n\nImpact\n======\n\nA remote attacker could send a specially crafted input, possibly\nresulting in a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Perl users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=dev-lang/perl-5.20.1-r4\"\n\nReferences\n==========\n\n[ 1 ] CVE-2013-7422\n      http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-7422\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201507-11\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. ============================================================================\nUbuntu Security Notice USN-2916-1\nMarch 02, 2016\n\nperl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in Perl. \n\nSoftware Description:\n- perl: Practical Extraction and Report Language\n\nDetails:\n\nIt was discovered that Perl incorrectly handled certain regular expressions\nwith an invalid backreference. (CVE-2013-7422)\n\nMarkus Vervier discovered that Perl incorrectly handled nesting in the\nData::Dumper module. (CVE-2014-4330)\n\nStephane Chazelas discovered that Perl incorrectly handled duplicate\nenvironment variables. An attacker could possibly use this issue to bypass\nthe taint protection mechanism. (CVE-2016-2381)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.10:\n  perl                            5.20.2-6ubuntu0.2\n\nUbuntu 14.04 LTS:\n  perl                            5.18.2-2ubuntu1.1\n\nUbuntu 12.04 LTS:\n  perl                            5.14.2-6ubuntu2.5\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n  http://www.ubuntu.com/usn/usn-2916-1\n  CVE-2013-7422, CVE-2014-4330, CVE-2016-2381\n\nPackage Information:\n  https://launchpad.net/ubuntu/+source/perl/5.20.2-6ubuntu0.2\n  https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.1\n  https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.5\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "BID",
        "id": "75704"
      },
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "db": "PACKETSTORM",
        "id": "133079"
      },
      {
        "db": "PACKETSTORM",
        "id": "132639"
      },
      {
        "db": "PACKETSTORM",
        "id": "136050"
      }
    ],
    "trust": 2.25
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.scap.org.cn/vuln/vhn-67424",
        "trust": 0.1,
        "type": "unknown"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-7422",
        "trust": 3.1
      },
      {
        "db": "BID",
        "id": "75704",
        "trust": 2.0
      },
      {
        "db": "JVN",
        "id": "JVNVU94440136",
        "trust": 0.8
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "132639",
        "trust": 0.2
      },
      {
        "db": "PACKETSTORM",
        "id": "136050",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-67424",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "133079",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "db": "BID",
        "id": "75704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "PACKETSTORM",
        "id": "133079"
      },
      {
        "db": "PACKETSTORM",
        "id": "132639"
      },
      {
        "db": "PACKETSTORM",
        "id": "136050"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "id": "VAR-201508-0153",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:41:02.829000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple security updates",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht201222"
      },
      {
        "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006",
        "trust": 0.8,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "http://support.apple.com/en-us/ht205031"
      },
      {
        "title": "HT205031",
        "trust": 0.8,
        "url": "http://support.apple.com/ja-jp/ht205031"
      },
      {
        "title": "[perl #119505] Segfault from bad backreference",
        "trust": 0.8,
        "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-189",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/75704"
      },
      {
        "trust": 1.7,
        "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/kb/ht205031"
      },
      {
        "trust": 1.2,
        "url": "https://security.gentoo.org/glsa/201507-11"
      },
      {
        "trust": 1.2,
        "url": "http://www.ubuntu.com/usn/usn-2916-1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7422"
      },
      {
        "trust": 0.8,
        "url": "http://jvn.jp/vu/jvnvu94440136/index.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7422"
      },
      {
        "trust": 0.3,
        "url": "www.perl.org"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7422"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8109"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1775"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3583"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3613"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7185"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/en-us/ht205033"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8161"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8767"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5044"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3620"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-2777"
      },
      {
        "trust": 0.1,
        "url": "http://www.apple.com/support/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3581"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-7844"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0106"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-1776"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8769"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7338"
      },
      {
        "trust": 0.1,
        "url": "https://www.safeye.org)"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3707"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0191"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0067"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2009-5078"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-7040"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2012-6685"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8150"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-8151"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-3660"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-1912"
      },
      {
        "trust": 0.1,
        "url": "http://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-7422"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/perl/5.20.2-6ubuntu0.2"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/perl/5.14.2-6ubuntu2.5"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2016-2381"
      },
      {
        "trust": 0.1,
        "url": "https://launchpad.net/ubuntu/+source/perl/5.18.2-2ubuntu1.1"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-4330"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "db": "BID",
        "id": "75704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "PACKETSTORM",
        "id": "133079"
      },
      {
        "db": "PACKETSTORM",
        "id": "132639"
      },
      {
        "db": "PACKETSTORM",
        "id": "136050"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "db": "BID",
        "id": "75704"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "db": "PACKETSTORM",
        "id": "133079"
      },
      {
        "db": "PACKETSTORM",
        "id": "132639"
      },
      {
        "db": "PACKETSTORM",
        "id": "136050"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2015-08-16T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "date": "2015-01-29T00:00:00",
        "db": "BID",
        "id": "75704"
      },
      {
        "date": "2015-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "date": "2015-08-13T22:15:27",
        "db": "PACKETSTORM",
        "id": "133079"
      },
      {
        "date": "2015-07-10T15:43:30",
        "db": "PACKETSTORM",
        "id": "132639"
      },
      {
        "date": "2016-03-03T00:58:09",
        "db": "PACKETSTORM",
        "id": "136050"
      },
      {
        "date": "2015-08-16T23:59:00.097000",
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "date": "2015-01-29T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2016-12-22T00:00:00",
        "db": "VULHUB",
        "id": "VHN-67424"
      },
      {
        "date": "2015-11-03T19:02:00",
        "db": "BID",
        "id": "75704"
      },
      {
        "date": "2015-08-21T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      },
      {
        "date": "2016-12-22T02:59:04.577000",
        "db": "NVD",
        "id": "CVE-2013-7422"
      },
      {
        "date": "2015-08-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "132639"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple OS X Used in products such as  Perl of  regcomp.c Integer underflow vulnerability",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2015-004258"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "digital error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201507-675"
      }
    ],
    "trust": 0.6
  }
}

cve-2013-7422

Vulnerability from fkie_nvd

Published

2015-08-16 23:59

Modified

2024-11-21 02:00

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Vendor Advisory
secalert@redhat.com	http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
secalert@redhat.com	http://www.securityfocus.com/bid/75704
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2916-1
secalert@redhat.com	https://security.gentoo.org/glsa/201507-11
secalert@redhat.com	https://support.apple.com/kb/HT205031	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75704
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2916-1
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201507-11
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT205031	Vendor Advisory

Impacted products

	Vendor	Product	Version
	apple	mac_os_x	*
	perl	perl	5.18.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7883E465-932D-4C11-AA54-97E44181F906",
              "versionEndIncluding": "10.10.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5E931F-85AB-4D99-BDC4-80C666187C26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."
    },
    {
      "lang": "es",
      "value": "Desbordamiento inferior de enteros en regcomp.c en Perl en versiones anteriores a 5.20, tal como se utiliza en Apple OS X en versiones anteriores a 10.10.5 y otros productos, permite a atacantes dependientes del contexto ejecutar c\u00f3digo arbitrario o causar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de una cadena larga de d\u00edgitos asociados con una referencia inversa no v\u00e1lida dentro de una expresi\u00f3n regular."
    }
  ],
  "id": "CVE-2013-7422",
  "lastModified": "2024-11-21T02:00:58.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-16T23:59:00.097",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/75704"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2916-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201507-11"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2916-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201507-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT205031"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2013-7422

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2013-7422

Aliases

CVE-2013-7422

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-7422",
    "description": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.",
    "id": "GSD-2013-7422",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-7422.html",
      "https://ubuntu.com/security/CVE-2013-7422"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-7422"
      ],
      "details": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.",
      "id": "GSD-2013-7422",
      "modified": "2023-12-13T01:22:18.574391Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2013-7422",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "APPLE-SA-2015-08-13-2",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
          },
          {
            "name": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06",
            "refsource": "CONFIRM",
            "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
          },
          {
            "name": "GLSA-201507-11",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201507-11"
          },
          {
            "name": "USN-2916-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2916-1"
          },
          {
            "name": "https://support.apple.com/kb/HT205031",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT205031"
          },
          {
            "name": "75704",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/75704"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.10.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:perl:perl:5.18.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2013-7422"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-189"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "APPLE-SA-2015-08-13-2",
              "refsource": "APPLE",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html"
            },
            {
              "name": "https://support.apple.com/kb/HT205031",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT205031"
            },
            {
              "name": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06"
            },
            {
              "name": "75704",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75704"
            },
            {
              "name": "USN-2916-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2916-1"
            },
            {
              "name": "GLSA-201507-11",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201507-11"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2016-12-22T02:59Z",
      "publishedDate": "2015-08-16T23:59Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2013-7422

Vulnerability from cvelistv5

ghsa-m7pj-qf68-j4wp

Vulnerability from github

var-201508-0153

Vulnerability from variot

Synopsis

Background

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

perl vulnerabilities

cve-2013-7422

Vulnerability from fkie_nvd

gsd-2013-7422

Vulnerability from gsd

Tags

Sightings

Nomenclature