ID CVE-2009-3626
Summary Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
References
Vulnerable Configurations
  • cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 17-08-2017 - 01:31)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
bid 36812
confirm
misc http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/
mlist [oss-security] 20091023 CVE-2009-3626 assigment notification - Perl - perl-5.10.1
osvdb 59283
sectrack 1023077
secunia 37144
vupen ADV-2009-3023
xf perl-utf8-expressions-dos(53939)
statements via4
contributor Tomas Hoger
lastmodified 2009-10-30
organization Red Hat
statement Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Last major update 17-08-2017 - 01:31
Published 29-10-2009 - 14:30
Back to Top