Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.
92d8d5759a27b001185c6521fec4e8b39a433512603eecfa0564f8a319809a00Mandriva Linux Security Advisory 2013-113 - It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. Various other issues were also addressed.
d121a52e5d21e1a1d884bfa0b4351192f0257e3310ec24006cce477233f1c93aRed Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.
ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3Mandriva Linux Security Advisory 2013-005 - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via the x string repeat operator. The updated packages have been patched to correct this issue.
a30259c8c48c9d4f240f41c98a0bacfa483a7a6f42946a30309aa57aa4c6b8ecDebian Linux Security Advisory 2586-1 - Two vulnerabilities were discovered in the implementation of the Perl programming language.
76a3e485793224f6aa5ba668af28ee8d4ace03df744e5c0ad94b470ffdf4e131Ubuntu Security Notice 1643-1 - It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. Various other issues were also addressed.
6c274eedfdb3da7dbb7671102ad6fe7a37edb74ba2b040227e902cbb757d04a1The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.
553cb435fb55599355ceae80210dcc60509e0f1a51cae7259ce1394e8ef9ac7b
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed