CVE-2012-5195

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44	Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://secunia.com/advisories/51457	Vendor Advisory
http://secunia.com/advisories/55314
http://www.debian.org/security/2012/dsa-2586
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
http://www.openwall.com/lists/oss-security/2012/10/26/2
http://www.openwall.com/lists/oss-security/2012/10/27/1
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/56287
http://www.ubuntu.com/usn/USN-1643-1
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44	Patch Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://secunia.com/advisories/51457	Vendor Advisory
http://secunia.com/advisories/55314
http://www.debian.org/security/2012/dsa-2586
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
http://www.openwall.com/lists/oss-security/2012/10/26/2
http://www.openwall.com/lists/oss-security/2012/10/27/1
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.securityfocus.com/bid/56287
http://www.ubuntu.com/usn/USN-1643-1
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:perl:perl:5.12.0:::::::*
	cpe:2.3:a:perl:perl:5.12.0:rc0::::::
	cpe:2.3:a:perl:perl:5.12.0:rc1::::::
	cpe:2.3:a:perl:perl:5.12.0:rc2::::::
	cpe:2.3:a:perl:perl:5.12.0:rc3::::::
	cpe:2.3:a:perl:perl:5.12.0:rc4::::::
	cpe:2.3:a:perl:perl:5.12.0:rc5::::::
	cpe:2.3:a:perl:perl:5.12.1:::::::*
	cpe:2.3:a:perl:perl:5.12.1:rc1::::::
	cpe:2.3:a:perl:perl:5.12.1:rc2::::::
	cpe:2.3:a:perl:perl:5.12.2:::::::*
	cpe:2.3:a:perl:perl:5.12.2:rc1::::::
	cpe:2.3:a:perl:perl:5.12.3:::::::*
	cpe:2.3:a:perl:perl:5.12.3:rc1::::::
	cpe:2.3:a:perl:perl:5.12.3:rc2::::::
	cpe:2.3:a:perl:perl:5.12.3:rc3::::::
	cpe:2.3:a:perl:perl:5.12.4:::::::*
	cpe:2.3:a:perl:perl:5.14.0:::::::*
	cpe:2.3:a:perl:perl:5.14.0:rc1::::::
	cpe:2.3:a:perl:perl:5.14.0:rc2::::::
	cpe:2.3:a:perl:perl:5.14.0:rc3::::::
	cpe:2.3:a:perl:perl:5.14.1:::::::*
	cpe:2.3:a:perl:perl:5.14.2:::::::*

History

21 Nov 2024, 01:44

Information

Published : 2012-12-18 00:55

Updated : 2024-11-21 01:44

NVD link : CVE-2012-5195

Mitre link : CVE-2012-5195

CVE.ORG link : CVE-2012-5195

JSON object : View

Products Affected

perl

perl

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10