Vulnerability CVE-2010-4777


Published: 2014-02-10

Description:
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

See advisories in our WLB2 database:
Risk: Low
Topic: PERL 5.10.0, 5.12.0, 5.14.0 Denial of Service
Author: Nobody
Date: 10.02.2014

Type: CWE-20 (Improper Input Validation)

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:N/A:P)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

Affected software: PERL -> PERL

References:
https://rt.perl.org/Public/Bug/Display.html?id=76538
https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.html
https://bugzilla.redhat.com/show_bug.cgi?id=694166
http://lists.opensuse.org/opensuse-updates/2011-05/msg00025.html
http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
http://forums.ocsinventory-ng.org/viewtopic.php?id=7215
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836

Copyright 2024, cxsecurity.com

 
