Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.6
CVSSv2

CVE-2005-3962

Published: 01/12/2005 Updated: 19/10/2018
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Perl

Vulnerability Summary

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows malicious users to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Vulnerable Product Search on Vulmon Subscribe to Product

perl perl 5.8.6

perl perl 5.9.2

Vendor Advisories

Debian CVElist Bug Report Logs: Integer overflow in perl's format string code
Debian Bug report logs - #341542 Integer overflow in perl's format string code Package: perl; Maintainer for perl is Niko Tyni <ntyni@debianorg>; Source for perl is src:perl (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@inutilorg> Date: Thu, 1 Dec 2005 09:48:08 UTC Severity: grave Tags: security Fou ...
Red Hat: perl security update
Synopsis perl security update Type/Severity Security Advisory: Moderate Topic Updated Perl packages that fix security issues and bugs are now availablefor Red Hat Enterprise Linux 4This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...
Red Hat: perl security update
Synopsis perl security update Type/Severity Security Advisory: Moderate Topic Updated Perl packages that fix security issues and bugs are now availablefor Red Hat Enterprise Linux 3This update has been rated as having moderate security impact by the RedHat Security Response Team Description ...
Ubuntu Security Notice: perl vulnerability
USN-222-1 fixed a vulnerability in the Perl interpreter It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary ...
Ubuntu Security Notice: perl vulnerability
Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program ...
Debian Security Advisories: DSA-943-1 perl -- integer overflow
Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third party software The old stable distribution (woody) does not seem to be a ...

References

CWE-189http://www.dyadsecurity.com/perl-0002.htmlhttp://www.kb.cert.org/vuls/id/948385http://www.securityfocus.com/bid/15629http://secunia.com/advisories/17802http://secunia.com/advisories/17844http://secunia.com/advisories/17762http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.htmlhttp://www.gentoo.org/security/en/glsa/glsa-200512-01.xmlhttp://www.trustix.org/errata/2005/0070http://secunia.com/advisories/17941http://secunia.com/advisories/17952http://www.redhat.com/support/errata/RHSA-2005-880.htmlhttp://www.novell.com/linux/security/advisories/2005_71_perl.htmlhttp://secunia.com/advisories/18183http://secunia.com/advisories/18187http://www.redhat.com/support/errata/RHSA-2005-881.htmlhttp://secunia.com/advisories/18075http://www.openbsd.org/errata37.html#perlhttp://secunia.com/advisories/18295ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patchhttp://www.osvdb.org/21345http://www.osvdb.org/22255ftp://patches.sgi.com/support/free/security/advisories/20060101-01-Uhttp://secunia.com/advisories/18517http://secunia.com/advisories/17993https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1http://secunia.com/advisories/19041http://www.debian.org/security/2006/dsa-943http://secunia.com/advisories/18413http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056http://support.avaya.com/elmodocs2/security/ASA-2006-081.htmhttp://www.novell.com/linux/security/advisories/2005_29_sr.htmlhttp://secunia.com/advisories/20894http://docs.info.apple.com/article.html?artnum=304829http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.htmlhttp://www.us-cert.gov/cas/techalerts/TA06-333A.htmlhttp://secunia.com/advisories/23155http://www.mandriva.com/security/advisories?name=MDKSA-2005:225http://www.ipcop.org/index.php?name=News&file=article&sid=41http://secunia.com/advisories/31208http://www.vupen.com/english/advisories/2006/2613http://www.vupen.com/english/advisories/2006/0771http://www.vupen.com/english/advisories/2006/4750ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patchhttp://www.vupen.com/english/advisories/2005/2688http://marc.info/?l=full-disclosure&m=113342788118630&w=2https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598https://usn.ubuntu.com/222-1/http://www.securityfocus.com/archive/1/438726/100/0/threadedhttp://www.securityfocus.com/archive/1/418333/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341542https://nvd.nist.govhttps://usn.ubuntu.com/222-2/https://www.kb.cert.org/vuls/id/948385
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook