what you don't know can hurt you
Showing 1 - 7 of 7 RSS Feed

CVE-2012-5195

Status Candidate

Overview

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

Related Files

Gentoo Linux Security Advisory 201401-11
Posted Jan 20, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201401-11 - Multiple vulnerabilities have been found in Perl and Locale::Maketext Perl module, the worst of which could allow a context-dependent attacker to execute arbitrary code. Versions less than 5.16.3 are affected.

tags | advisory, arbitrary, perl, vulnerability
systems | linux, gentoo
advisories | CVE-2011-2728, CVE-2011-2939, CVE-2012-5195, CVE-2013-1667
MD5 | ecd43ce19385b37811ba89561b4b5b37
Mandriva Linux Security Advisory 2013-113
Posted Apr 11, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-113 - It was discovered that Perl's 'x' string repeat operator is vulnerable to a heap-based buffer overflow. An attacker could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, overflow, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2012-5195, CVE-2012-6329, CVE-2013-1667
MD5 | b717543c012f781f84553fb4bcbfbbd7
Red Hat Security Advisory 2013-0685-01
Posted Mar 26, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.

tags | advisory, web, denial of service, overflow, arbitrary, perl
systems | linux, redhat
advisories | CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667
MD5 | e2f18b4f06400482b176f94cba83ecfa
Mandriva Linux Security Advisory 2013-005
Posted Jan 28, 2013
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2013-005 - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via the x string repeat operator. The updated packages have been patched to correct this issue.

tags | advisory, denial of service, overflow, arbitrary, perl
systems | linux, mandriva
advisories | CVE-2012-5195
MD5 | 608c0933e9dabf6685aa61dedc1f5bd4
Debian Security Advisory 2586-1
Posted Dec 12, 2012
Authored by Debian | Site debian.org

Debian Linux Security Advisory 2586-1 - Two vulnerabilities were discovered in the implementation of the Perl programming language.

tags | advisory, perl, vulnerability
systems | linux, debian
advisories | CVE-2012-5195, CVE-2012-5526
MD5 | ba7d34e616213873d222fa098dc224ea
Ubuntu Security Notice USN-1643-1
Posted Nov 30, 2012
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1643-1 - It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary
systems | linux, ubuntu
advisories | CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526, CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526
MD5 | 715fe6e311970516fe1cd1842f38a8f5
Perl 5 Memory Corruption
Posted Oct 26, 2012
Authored by Tim Brown | Site nth-dimension.org.uk

The Perl 5 interpreter is vulnerable to a memory corruption vulnerability which results in memory disclosure and potentially arbitrary code execution when large values are supplied to the x operator.

tags | advisory, arbitrary, perl, code execution
advisories | CVE-2012-5195
MD5 | faabce97452d026be018183bfea09b1a
Page 1 of 1
Back1Next

File Archive:

January 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jan 1st
    2 Files
  • 2
    Jan 2nd
    0 Files
  • 3
    Jan 3rd
    20 Files
  • 4
    Jan 4th
    4 Files
  • 5
    Jan 5th
    37 Files
  • 6
    Jan 6th
    20 Files
  • 7
    Jan 7th
    4 Files
  • 8
    Jan 8th
    0 Files
  • 9
    Jan 9th
    0 Files
  • 10
    Jan 10th
    18 Files
  • 11
    Jan 11th
    8 Files
  • 12
    Jan 12th
    19 Files
  • 13
    Jan 13th
    31 Files
  • 14
    Jan 14th
    2 Files
  • 15
    Jan 15th
    2 Files
  • 16
    Jan 16th
    2 Files
  • 17
    Jan 17th
    18 Files
  • 18
    Jan 18th
    13 Files
  • 19
    Jan 19th
    0 Files
  • 20
    Jan 20th
    0 Files
  • 21
    Jan 21st
    0 Files
  • 22
    Jan 22nd
    0 Files
  • 23
    Jan 23rd
    0 Files
  • 24
    Jan 24th
    0 Files
  • 25
    Jan 25th
    0 Files
  • 26
    Jan 26th
    0 Files
  • 27
    Jan 27th
    0 Files
  • 28
    Jan 28th
    0 Files
  • 29
    Jan 29th
    0 Files
  • 30
    Jan 30th
    0 Files
  • 31
    Jan 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close