CVE-2010-1158

{"id": "CVE-2010-1158", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2010-04-20T15:30:00.427", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=313565", "tags": ["Exploit"], "source": "secalert@redhat.com"}, {"url": "http://perldoc.perl.org/perl5100delta.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/55314", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/04/08/9", "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2010/04/14/3", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605", "source": "secalert@redhat.com"}, {"url": "http://bugs.gentoo.org/show_bug.cgi?id=313565", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://perldoc.perl.org/perl5100delta.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/55314", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/04/08/9", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2010/04/14/3", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=580605", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-189"}]}], "descriptions": [{"lang": "en", "value": "Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string."}, {"lang": "es", "value": "Desbordamiento de entero en el motor de expresiones regulares de Perl v5.8.x permite a atacantes dependiendo del contexto provocar una denegaci\u00f3n de servicio (consumo de la pila y ca\u00edda de la aplicaci\u00f3n) cotejando una expresi\u00f3n regular modificada contra una cadena de texto extensa."}], "lastModified": "2024-11-21T01:13:46.190", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "70CBBC87-F6F7-45AF-9B54-95402D03C75F"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5B34EA51-64A3-483A-AF99-01358F6BE8D3"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E0DBA5-360F-463E-A840-365168A1FCC4"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EA80F25-A108-4B65-BE25-56DE17B930EB"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ECB2B6E2-890E-4B6E-833F-DF40E6D77E22"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "53F0358E-0722-48A6-A2C6-470229602089"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8DFDF97-EF44-448F-A5CA-021B2D64605F"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E98D2706-99B7-4153-925B-77A8CECD7CFB"}, {"criteria": "cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B10AD15E-6275-48AB-8757-FB5A735C82D9"}], "operator": "OR"}]}], "vendorComments": [{"comment": "The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.", "lastModified": "2010-04-22T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}