ALT-PU-2015-2178-1
Closed vulnerabilities
Published: 2016-11-03
Modified: 2021-03-23
Modified: 2021-03-23
BDU:2016-02231
Уязвимость интерпретатора Perl, позволяющая нарушителю внедрить произвольный код
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
Published: 2022-04-27
BDU:2022-02611
Уязвимость функции decode_xs интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании
Severity: MEDIUM (5.6)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: MEDIUM (5.1)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
Published: 2022-04-27
BDU:2022-02612
Уязвимость функции bsd_glob интерпретатора языка программирования Perl, позволяющая нарушителю вызвать отказ в обслуживании
Severity: LOW (3.7)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
Published: 2022-04-27
BDU:2022-02626
Уязвимость функции _compile интерпретатора языка программирования Perl , позволяющая нарушителю выполнять произвольные команды
Severity: MEDIUM (5.6)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2022-04-27
BDU:2022-02638
Уязвимость функции хеширования интерпретатора языка программирования Perl, позволяющая нарушителю вызывать отказ в обслуживании
Severity: MEDIUM (5.6)
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
Published: 2011-04-11
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2011-1487
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Severity: MEDIUM (5.0)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
References:
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://openwall.com/lists/oss-security/2011/04/01/3
- http://openwall.com/lists/oss-security/2011/04/04/35
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
- http://secunia.com/advisories/43921
- http://secunia.com/advisories/44168
- http://www.debian.org/security/2011/dsa-2265
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
- http://www.securityfocus.com/bid/47124
- https://bugzilla.redhat.com/show_bug.cgi?id=692844
- https://bugzilla.redhat.com/show_bug.cgi?id=692898
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
- http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
- http://openwall.com/lists/oss-security/2011/04/01/3
- http://openwall.com/lists/oss-security/2011/04/04/35
- http://perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=87336
- http://secunia.com/advisories/43921
- http://secunia.com/advisories/44168
- http://www.debian.org/security/2011/dsa-2265
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:091
- http://www.securityfocus.com/bid/47124
- https://bugzilla.redhat.com/show_bug.cgi?id=692844
- https://bugzilla.redhat.com/show_bug.cgi?id=692898
- https://exchange.xforce.ibmcloud.com/vulnerabilities/66528
Published: 2012-12-21
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2011-2728
The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.
Severity: MEDIUM (4.3)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
References:
- http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html
- http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
- http://secunia.com/advisories/46172
- http://www.securityfocus.com/bid/49858
- https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
- https://bugzilla.redhat.com/show_bug.cgi?id=742987
- http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
- http://lists.fedoraproject.org/pipermail/package-announce/2011-November/069752.html
- http://perl5.git.perl.org/perl.git/commit/1af4051e077438976a4c12a0622feaf6715bec77
- http://secunia.com/advisories/46172
- http://www.securityfocus.com/bid/49858
- https://blogs.oracle.com/sunsecurity/entry/cve_2011_2728_denial_of1
- https://bugzilla.redhat.com/show_bug.cgi?id=742987
Published: 2012-01-13
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2011-2939
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
Severity: MEDIUM (5.1)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
References:
- http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
- http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
- http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29
- http://secunia.com/advisories/46172
- http://secunia.com/advisories/46989
- http://secunia.com/advisories/51457
- http://secunia.com/advisories/55314
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
- http://www.openwall.com/lists/oss-security/2011/08/18/8
- http://www.openwall.com/lists/oss-security/2011/08/19/17
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.securityfocus.com/bid/49858
- http://www.ubuntu.com/usn/USN-1643-1
- https://bugzilla.redhat.com/show_bug.cgi?id=731246
- http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
- http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
- http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29
- http://secunia.com/advisories/46172
- http://secunia.com/advisories/46989
- http://secunia.com/advisories/51457
- http://secunia.com/advisories/55314
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
- http://www.openwall.com/lists/oss-security/2011/08/18/8
- http://www.openwall.com/lists/oss-security/2011/08/19/17
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.securityfocus.com/bid/49858
- http://www.ubuntu.com/usn/USN-1643-1
- https://bugzilla.redhat.com/show_bug.cgi?id=731246
Published: 2012-12-18
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2012-5195
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/51457
- http://secunia.com/advisories/55314
- http://www.debian.org/security/2012/dsa-2586
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
- http://www.openwall.com/lists/oss-security/2012/10/26/2
- http://www.openwall.com/lists/oss-security/2012/10/27/1
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56287
- http://www.ubuntu.com/usn/USN-1643-1
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/51457
- http://secunia.com/advisories/55314
- http://www.debian.org/security/2012/dsa-2586
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
- http://www.openwall.com/lists/oss-security/2012/10/26/2
- http://www.openwall.com/lists/oss-security/2012/10/27/1
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56287
- http://www.ubuntu.com/usn/USN-1643-1
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0352
Published: 2013-01-04
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2012-6329
The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224
- http://code.activestate.com/lists/perl5-porters/187746/
- http://code.activestate.com/lists/perl5-porters/187763/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://openwall.com/lists/oss-security/2012/12/11/4
- http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod
- http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://sourceforge.net/mailarchive/message.php?msg_id=30219695
- http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56950
- http://www.ubuntu.com/usn/USN-2099-1
- https://bugzilla.redhat.com/show_bug.cgi?id=884354
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695224
- http://code.activestate.com/lists/perl5-porters/187746/
- http://code.activestate.com/lists/perl5-porters/187763/
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://openwall.com/lists/oss-security/2012/12/11/4
- http://perl5.git.perl.org/perl.git/blob/HEAD:/pod/perl5177delta.pod
- http://perl5.git.perl.org/perl.git/commit/1735f6f53ca19f99c6e9e39496c486af323ba6a8
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://sourceforge.net/mailarchive/message.php?msg_id=30219695
- http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2012-6329
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56950
- http://www.ubuntu.com/usn/USN-2099-1
- https://bugzilla.redhat.com/show_bug.cgi?id=884354
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0032
Published: 2013-03-14
Modified: 2025-04-11
Modified: 2025-04-11
CVE-2013-1667
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Severity: HIGH (7.5)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
References:
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
- http://marc.info/?l=bugtraq&m=137891988921058&w=2
- http://osvdb.org/90892
- http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
- http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
- http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/52472
- http://secunia.com/advisories/52499
- http://www.debian.org/security/2013/dsa-2641
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/58311
- http://www.ubuntu.com/usn/USN-1770-1
- https://bugzilla.redhat.com/show_bug.cgi?id=912276
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
- http://marc.info/?l=bugtraq&m=137891988921058&w=2
- http://osvdb.org/90892
- http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
- http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
- http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/52472
- http://secunia.com/advisories/52499
- http://www.debian.org/security/2013/dsa-2641
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/58311
- http://www.ubuntu.com/usn/USN-1770-1
- https://bugzilla.redhat.com/show_bug.cgi?id=912276
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094