CVE-2005-3962

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
References
Link Resource
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://secunia.com/advisories/17762 Vendor Advisory
http://secunia.com/advisories/17802 Vendor Advisory
http://secunia.com/advisories/17844 Vendor Advisory
http://secunia.com/advisories/17941 Vendor Advisory
http://secunia.com/advisories/17952 Vendor Advisory
http://secunia.com/advisories/17993 Vendor Advisory
http://secunia.com/advisories/18075 Vendor Advisory
http://secunia.com/advisories/18183 Vendor Advisory
http://secunia.com/advisories/18187 Vendor Advisory
http://secunia.com/advisories/18295 Vendor Advisory
http://secunia.com/advisories/18413 Vendor Advisory
http://secunia.com/advisories/18517 Vendor Advisory
http://secunia.com/advisories/19041 Vendor Advisory
http://secunia.com/advisories/20894 Vendor Advisory
http://secunia.com/advisories/23155 Vendor Advisory
http://secunia.com/advisories/31208 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2006/dsa-943
http://www.dyadsecurity.com/perl-0002.html Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.kb.cert.org/vuls/id/948385 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.osvdb.org/21345
http://www.osvdb.org/22255
http://www.redhat.com/support/errata/RHSA-2005-880.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/bid/15629
http://www.trustix.org/errata/2005/0070
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource
http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613 Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
https://usn.ubuntu.com/222-1/
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://secunia.com/advisories/17762 Vendor Advisory
http://secunia.com/advisories/17802 Vendor Advisory
http://secunia.com/advisories/17844 Vendor Advisory
http://secunia.com/advisories/17941 Vendor Advisory
http://secunia.com/advisories/17952 Vendor Advisory
http://secunia.com/advisories/17993 Vendor Advisory
http://secunia.com/advisories/18075 Vendor Advisory
http://secunia.com/advisories/18183 Vendor Advisory
http://secunia.com/advisories/18187 Vendor Advisory
http://secunia.com/advisories/18295 Vendor Advisory
http://secunia.com/advisories/18413 Vendor Advisory
http://secunia.com/advisories/18517 Vendor Advisory
http://secunia.com/advisories/19041 Vendor Advisory
http://secunia.com/advisories/20894 Vendor Advisory
http://secunia.com/advisories/23155 Vendor Advisory
http://secunia.com/advisories/31208 Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2006/dsa-943
http://www.dyadsecurity.com/perl-0002.html Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.kb.cert.org/vuls/id/948385 US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.osvdb.org/21345
http://www.osvdb.org/22255
http://www.redhat.com/support/errata/RHSA-2005-880.html Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/bid/15629
http://www.trustix.org/errata/2005/0070
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource
http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613 Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
https://usn.ubuntu.com/222-1/
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.9.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:03

Type Values Removed Values Added
References () ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch - () ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch -
References () ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch - () ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch -
References () ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U - () ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U -
References () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 - () http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 -
References () http://docs.info.apple.com/article.html?artnum=304829 - () http://docs.info.apple.com/article.html?artnum=304829 -
References () http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html - () http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html -
References () http://marc.info/?l=full-disclosure&m=113342788118630&w=2 - () http://marc.info/?l=full-disclosure&m=113342788118630&w=2 -
References () http://secunia.com/advisories/17762 - Vendor Advisory () http://secunia.com/advisories/17762 - Vendor Advisory
References () http://secunia.com/advisories/17802 - Vendor Advisory () http://secunia.com/advisories/17802 - Vendor Advisory
References () http://secunia.com/advisories/17844 - Vendor Advisory () http://secunia.com/advisories/17844 - Vendor Advisory
References () http://secunia.com/advisories/17941 - Vendor Advisory () http://secunia.com/advisories/17941 - Vendor Advisory
References () http://secunia.com/advisories/17952 - Vendor Advisory () http://secunia.com/advisories/17952 - Vendor Advisory
References () http://secunia.com/advisories/17993 - Vendor Advisory () http://secunia.com/advisories/17993 - Vendor Advisory
References () http://secunia.com/advisories/18075 - Vendor Advisory () http://secunia.com/advisories/18075 - Vendor Advisory
References () http://secunia.com/advisories/18183 - Vendor Advisory () http://secunia.com/advisories/18183 - Vendor Advisory
References () http://secunia.com/advisories/18187 - Vendor Advisory () http://secunia.com/advisories/18187 - Vendor Advisory
References () http://secunia.com/advisories/18295 - Vendor Advisory () http://secunia.com/advisories/18295 - Vendor Advisory
References () http://secunia.com/advisories/18413 - Vendor Advisory () http://secunia.com/advisories/18413 - Vendor Advisory
References () http://secunia.com/advisories/18517 - Vendor Advisory () http://secunia.com/advisories/18517 - Vendor Advisory
References () http://secunia.com/advisories/19041 - Vendor Advisory () http://secunia.com/advisories/19041 - Vendor Advisory
References () http://secunia.com/advisories/20894 - Vendor Advisory () http://secunia.com/advisories/20894 - Vendor Advisory
References () http://secunia.com/advisories/23155 - Vendor Advisory () http://secunia.com/advisories/23155 - Vendor Advisory
References () http://secunia.com/advisories/31208 - Vendor Advisory () http://secunia.com/advisories/31208 - Vendor Advisory
References () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 - () http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 -
References () http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm - () http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm -
References () http://www.debian.org/security/2006/dsa-943 - () http://www.debian.org/security/2006/dsa-943 -
References () http://www.dyadsecurity.com/perl-0002.html - Patch, Vendor Advisory () http://www.dyadsecurity.com/perl-0002.html - Patch, Vendor Advisory
References () http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml - () http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml -
References () http://www.ipcop.org/index.php?name=News&file=article&sid=41 - () http://www.ipcop.org/index.php?name=News&file=article&sid=41 -
References () http://www.kb.cert.org/vuls/id/948385 - US Government Resource () http://www.kb.cert.org/vuls/id/948385 - US Government Resource
References () http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 - () http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 -
References () http://www.novell.com/linux/security/advisories/2005_29_sr.html - () http://www.novell.com/linux/security/advisories/2005_29_sr.html -
References () http://www.novell.com/linux/security/advisories/2005_71_perl.html - () http://www.novell.com/linux/security/advisories/2005_71_perl.html -
References () http://www.openbsd.org/errata37.html#perl - () http://www.openbsd.org/errata37.html#perl -
References () http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html - () http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html -
References () http://www.osvdb.org/21345 - () http://www.osvdb.org/21345 -
References () http://www.osvdb.org/22255 - () http://www.osvdb.org/22255 -
References () http://www.redhat.com/support/errata/RHSA-2005-880.html - Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-880.html - Vendor Advisory
References () http://www.redhat.com/support/errata/RHSA-2005-881.html - Vendor Advisory () http://www.redhat.com/support/errata/RHSA-2005-881.html - Vendor Advisory
References () http://www.securityfocus.com/archive/1/418333/100/0/threaded - () http://www.securityfocus.com/archive/1/418333/100/0/threaded -
References () http://www.securityfocus.com/archive/1/438726/100/0/threaded - () http://www.securityfocus.com/archive/1/438726/100/0/threaded -
References () http://www.securityfocus.com/bid/15629 - () http://www.securityfocus.com/bid/15629 -
References () http://www.trustix.org/errata/2005/0070 - () http://www.trustix.org/errata/2005/0070 -
References () http://www.us-cert.gov/cas/techalerts/TA06-333A.html - US Government Resource () http://www.us-cert.gov/cas/techalerts/TA06-333A.html - US Government Resource
References () http://www.vupen.com/english/advisories/2005/2688 - () http://www.vupen.com/english/advisories/2005/2688 -
References () http://www.vupen.com/english/advisories/2006/0771 - () http://www.vupen.com/english/advisories/2006/0771 -
References () http://www.vupen.com/english/advisories/2006/2613 - Vendor Advisory () http://www.vupen.com/english/advisories/2006/2613 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2006/4750 - () http://www.vupen.com/english/advisories/2006/4750 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 -
References () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 - () https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 -
References () https://usn.ubuntu.com/222-1/ - () https://usn.ubuntu.com/222-1/ -
References () https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html - () https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html -

Information

Published : 2005-12-01 17:03

Updated : 2024-11-21 00:03


NVD link : CVE-2005-3962

Mitre link : CVE-2005-3962

CVE.ORG link : CVE-2005-3962


JSON object : View

Products Affected

perl

  • perl
CWE
CWE-189

Numeric Errors