ID CVE-2010-1158
Summary Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
References
Vulnerable Configurations
  • cpe:2.3:a:perl:perl:5.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:perl:perl:5.8.9:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 24-10-2013 - 03:22)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm http://perldoc.perl.org/perl5100delta.html
misc
mlist
  • [oss-security] 20100408 CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)
  • [oss-security] 20100414 Re: CVE Request -- perl v5.8.* -- stack overflow by processing certain regex (Gentoo BTS#313565 / RH BZ#580605)
secunia 55314
statements via4
contributor Tomas Hoger
lastmodified 2010-04-22
organization Red Hat
statement The Red Hat Security Response Team has rated this issue as having low security impact. The risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5.
Last major update 24-10-2013 - 03:22
Published 20-04-2010 - 15:30
Last modified 24-10-2013 - 03:22