CVE-2013-7422

Severity

75%

Complexity

99%

Confidentiality

106%

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CVSS 2.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P).

Overview

First reported 9 years ago

2015-08-16 23:59:00

Last updated 8 years ago

2016-12-22 02:59:00

Affected Software

Apple Mac OS X

Perl 5.18.4

5.18.4

References

APPLE-SA-2015-08-13-2

Vendor Advisory

http://perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06

75704

USN-2916-1

GLSA-201507-11

https://support.apple.com/kb/HT205031

Vendor Advisory

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.