FKIE_CVE-2010-4777

Vulnerability from fkie_nvd - Published: 2014-02-10 18:15 - Updated: 2025-04-11 00:51
Severity ?
Summary
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
References
cve@mitre.orghttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
cve@mitre.orghttp://forums.ocsinventory-ng.org/viewtopic.php?id=7215
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=694166
cve@mitre.orghttps://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
cve@mitre.orghttps://rt.perl.org/Public/Bug/Display.html?id=76538
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836
af854a3a-2127-422b-91ae-364da2661108http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=694166
af854a3a-2127-422b-91ae-364da2661108https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
af854a3a-2127-422b-91ae-364da2661108https://rt.perl.org/Public/Bug/Display.html?id=76538
Impacted products
Vendor Product Version
perl perl 5.10
perl perl 5.12.0
perl perl 5.14.0
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "777EC860-FB16-4B15-A8BE-3EAE9FD8A99D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BC3F8EA-BE60-4EAB-A9B9-DB1368B5430C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A968B30-8456-49C2-A9B0-6CF55CB3C7B4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Perl_reg_numbered_buff_fetch en Perl 5.10.0, 5.12.0, 5.14.0 y otras versiones, cuando funciona con debugging activado, permite a atacantes dependientes de contexto causar una denegaci\u00f3n de servicio (fallo de aserci\u00f3n y cierre de la aplicaci\u00f3n) a trav\u00e9s de una entrada manipulada que no es manejada adecuadamente cuando hace uso de ciertas expresiones regulares, como se ha demostrado causando la ca\u00edda de SpamAssassin y OCSInventory."
    }
  ],
  "id": "CVE-2010-4777",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-10T18:15:08.967",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://forums.ocsinventory-ng.org/viewtopic.php?id=7215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=694166"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://rt.perl.org/Public/Bug/Display.html?id=76538"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.