Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2007-5116

Published: 07/11/2007 Updated: 15/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Debian Linux

Vulnerability Summary

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent malicious users to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

larry_wall perl 5.8.4.1

larry_wall perl 5.8.4.2

openpkg openpkg current

redhat enterprise_linux 1.0

larry_wall perl 5.8.4.2.3

larry_wall perl 5.8.4.3

larry_wall perl 5.8.3

larry_wall perl 5.8.4

larry_wall perl 5.8.6

mandrakesoft mandrake_multi_network_firewall 2.0

larry_wall perl 5.8.0

larry_wall perl 5.8.1

larry_wall perl 5.8.4.4

larry_wall perl 5.8.4.5

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2007-5116 buffer overflow in the polymorphic opcode regcomp.c
Debian Bug report logs - #450794 CVE-2007-5116 buffer overflow in the polymorphic opcode regcompc Package: perl; Maintainer for perl is Niko Tyni <ntyni@debianorg>; Source for perl is src:perl (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Sat, 10 Nov 2007 18:03:01 UTC Severity: grave Tags: ...
Ubuntu Security Notice: perl vulnerability
It was discovered that Perl’s regular expression library did not correctly handle certain UTF sequences If a user or automated system were tricked into running a specially crafted regular expression, a remote attacker could crash the application or possibly execute arbitrary code with user privileges ...
Debian Security Advisories: DSA-1400-1 perl -- heap overflow
Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in Perl's regular expression compiler, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions For the old stable distribution (sarge), this problem has been fixed in version 584-8sarge6 Fo ...

References

CWE-119https://bugzilla.redhat.com/show_bug.cgi?id=323571http://www.mandriva.com/security/advisories?name=MDKSA-2007:207http://www.redhat.com/support/errata/RHSA-2007-0966.htmlhttp://www.redhat.com/support/errata/RHSA-2007-1011.htmlhttp://www.securityfocus.com/bid/26350http://secunia.com/advisories/27531http://secunia.com/advisories/27546https://bugzilla.redhat.com/show_bug.cgi?id=378131https://issues.rpath.com/browse/RPL-1813http://www.debian.org/security/2007/dsa-1400http://www.gentoo.org/security/en/glsa/glsa-200711-28.xmlhttp://www.openpkg.com/security/advisories/OpenPKG-SA-2007.023.htmlhttp://www.novell.com/linux/security/advisories/2007_24_sr.htmlhttp://www.ubuntu.com/usn/usn-552-1http://securitytracker.com/id?1018899http://secunia.com/advisories/27479http://secunia.com/advisories/27515http://secunia.com/advisories/27548http://secunia.com/advisories/27613http://secunia.com/advisories/27570http://secunia.com/advisories/27936http://docs.info.apple.com/article.html?artnum=307179ftp://aix.software.ibm.com/aix/efixes/security/READMEhttp://www-1.ibm.com/support/docview.wss?uid=isg1IZ10220http://www-1.ibm.com/support/docview.wss?uid=isg1IZ10244http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.htmlhttp://www.us-cert.gov/cas/techalerts/TA07-352A.htmlhttp://secunia.com/advisories/28167http://lists.vmware.com/pipermail/security-announce/2008/000002.htmlhttp://support.avaya.com/elmodocs2/security/ASA-2008-014.htmhttp://secunia.com/advisories/28368http://secunia.com/advisories/28387http://secunia.com/advisories/27756http://www.vmware.com/security/advisories/VMSA-2008-0001.htmlhttp://sunsolve.sun.com/search/document.do?assetkey=1-26-31524-1http://secunia.com/advisories/28993http://secunia.com/advisories/29074http://sunsolve.sun.com/search/document.do?assetkey=1-66-231524-1http://secunia.com/advisories/31208http://www.ipcop.org/index.php?name=News&file=article&sid=41http://sunsolve.sun.com/search/document.do?assetkey=1-77-1018985.1-1http://www.vupen.com/english/advisories/2007/4238http://www.vupen.com/english/advisories/2008/0064http://www.vupen.com/english/advisories/2008/0641http://www.vupen.com/english/advisories/2007/3724http://www.vupen.com/english/advisories/2007/4255http://marc.info/?l=bugtraq&m=120352263023774&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/38270https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10669http://www.securityfocus.com/archive/1/486859/100/0/threadedhttp://www.securityfocus.com/archive/1/485936/100/0/threadedhttp://www.securityfocus.com/archive/1/483584/100/0/threadedhttp://www.securityfocus.com/archive/1/483563/100/0/threadedhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=450794https://usn.ubuntu.com/552-1/https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook