CVE-2011-0761 - Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereferenc

CVE-2011-0761

Summary

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call. Per: http://cwe.mitre.org/data/definitions/476.html 'CWE-476: NULL Pointer Dereference'

References

Vulnerable Configurations

cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*
cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-10-2018 - 19:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	47766
bugtraq	20110509 TSSA-2011-03 - Perl : multiple functions null pointer dereference uppon parameters injection
misc	http://www.toucan-system.com/advisories/tssa-2011-03.txt
sectrack	1025507
sreason	8248
xf	perl-functions-dos(67355)

Last major update

09-10-2018 - 19:29

Published

13-05-2011 - 17:05

Last modified

09-10-2018 - 19:29