CVE-2010-4777

Published: 10/02/2014 Updated: 10/02/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 435
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Summary

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent malicious users to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

Vulnerable Product

perl perl 5.14.0

perl perl 5.12.0

perl perl 5.10

Vendor Advisories

Debian Bug report logs - #628836 perl-debug: CVE-2010-4777 perl: assertion failure with certain regular expressions Package: perl-debug; Maintainer for perl-debug is Niko Tyni <ntyni@debian.org>; Source for perl-debug is src:perl (PTS, buildd, popcon) Reported by: Dominic Hargreaves <dom@earth.li> Date: Wed, 1 Jun 2 ...
Debian Bug report logs - #622817 perl: CVE-2011-1487: taint laundering in lc, uc Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl (PTS, buildd, popcon) Reported by: Dominic Hargreaves <dom@earth.li> Date: Thu, 14 Apr 2011 21:12:02 UTC Severity: important Tags: fixed-ups ...

Exploits

source: www.securityfocus.com/bid/47006/info

Perl is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause an application implemented with affected perl code to abort, denying service to legitimate users.

#!/usr/bin/perl
my @x = ("A=B","AAAA=/");
utf8::upgrade $_ for @x;
$x[1] =~ s{/\s*$}{};
for ...