FKIE_CVE-2010-1158

Vulnerability from fkie_nvd - Published: 2010-04-20 15:30 - Updated: 2025-04-11 00:51
Severity ?
Summary
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
References
secalert@redhat.comhttp://bugs.gentoo.org/show_bug.cgi?id=313565Exploit
secalert@redhat.comhttp://perldoc.perl.org/perl5100delta.html
secalert@redhat.comhttp://secunia.com/advisories/55314
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/04/08/9
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2010/04/14/3
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=580605
af854a3a-2127-422b-91ae-364da2661108http://bugs.gentoo.org/show_bug.cgi?id=313565Exploit
af854a3a-2127-422b-91ae-364da2661108http://perldoc.perl.org/perl5100delta.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/55314
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/04/08/9
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2010/04/14/3
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=580605
Impacted products
Vendor Product Version
perl perl 5.8.1
perl perl 5.8.2
perl perl 5.8.3
perl perl 5.8.4
perl perl 5.8.5
perl perl 5.8.6
perl perl 5.8.7
perl perl 5.8.8
perl perl 5.8.9
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."
    },
    {
      "lang": "es",
      "value": "Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda de la aplicaci\u00f3n) cotejando una expresi\u00f3n regular modificada contra una cadena de texto extensa."
    }
  ],
  "id": "CVE-2010-1158",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2010-04-20T15:30:00.427",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://perldoc.perl.org/perl5100delta.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/55314"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://bugs.gentoo.org/show_bug.cgi?id=313565"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://perldoc.perl.org/perl5100delta.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/55314"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/08/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2010/04/14/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vendorComments": [
    {
      "comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.",
      "lastModified": "2010-04-22T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-189"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.