Published: 16/08/2015 Updated: 22/12/2016

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Integer underflow in regcomp.c in Perl prior to 5.20, as used in Apple OS X prior to 10.10.5 and other products, allows context-dependent malicious users to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple mac os x
perl perl 5.18.4

Debian Bug report logs - #776046 perl: Segfault in S_regmatch from bad backreference (CVE-2013-7422) Package: perl; Maintainer for perl is Niko Tyni <ntyni@debianorg>; Source for perl is src:perl (PTS, buildd, popcon) Reported by: Niko Tyni <ntyni@debianorg> Date: Fri, 23 Jan 2015 11:03:01 UTC Severity: important ...

Several security issues were fixed in Perl ...

Integer underflow in regcompc in Perl before 520, as used in Apple OS X before 10105 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression ...

CWE-189 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html https://support.apple.com/kb/HT205031 http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06 http://www.securityfocus.com/bid/75704 http://www.ubuntu.com/usn/USN-2916-1 https://security.gentoo.org/glsa/201507-11 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776046 https://usn.ubuntu.com/2916-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2013-7422

CVE-2013-7422

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect