CVE-2005-3962

Severity

46%

Complexity

39%

Confidentiality

106%

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

Perl

First reported 19 years ago

2005-12-01 17:03:00

Last updated 6 years ago

2018-10-19 15:39:00

Affected Software

Perl 5.8.6

5.8.6

Perl 5.9.2

5.9.2

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch

20060101-01-U

CLSA-2006:1056

http://docs.info.apple.com/article.html?artnum=304829

APPLE-SA-2006-11-28

20051201 Perl format string integer wrap vulnerability

17762

Vendor Advisory

17802

Vendor Advisory

17844

Vendor Advisory

17941

Vendor Advisory

17952

Vendor Advisory

17993

Vendor Advisory

18075

Vendor Advisory

18183

Vendor Advisory

18187

Vendor Advisory

18295

Vendor Advisory

18413

Vendor Advisory

18517

Vendor Advisory

19041

Vendor Advisory

20894

Vendor Advisory

23155

Vendor Advisory

31208

Vendor Advisory

102192

http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm

DSA-943

http://www.dyadsecurity.com/perl-0002.html

Patch, Vendor Advisory

GLSA-200512-01

http://www.ipcop.org/index.php?name=News&file=article&sid=41

VU#948385

US Government Resource

MDKSA-2005:225

SUSE-SR:2005:029

SUSE-SA:2005:071

[3.7] 20060105 007: SECURITY FIX: January 5, 2006

OpenPKG-SA-2005.025

21345

22255

RHSA-2005:880

Vendor Advisory

RHSA-2005:881

Vendor Advisory

20051201 Perl format string integer wrap vulnerability

HPSBTU02125

15629

TSLSA-2005-0070

TA06-333A

US Government Resource

ADV-2005-2688

ADV-2006-0771

ADV-2006-2613

Vendor Advisory

ADV-2006-4750

oval:org.mitre.oval:def:10598

oval:org.mitre.oval:def:1074

USN-222-1

FLSA-2006:176731

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.