CVE-2012-5526

Related Files

Red Hat Security Advisory 2013-0685-01

Posted Mar 26, 2013

Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-0685-01 - Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption.

tags | advisory, web, denial of service, overflow, arbitrary, perl

systems | linux, redhat

advisories | CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, CVE-2013-1667

SHA-256 | ac3fdd7299785f237b23d812f30be939d6a7f1979b5d7e5891f630a611337ac3

Download | Favorite | View

Mandriva Linux Security Advisory 2012-180

Posted Dec 17, 2012

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2012-180 - CGI.pm module before 3.63 for Perl does not properly escape newlines in P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. The updated packages have been patched to correct this issue.

tags | advisory, remote, arbitrary, cgi, perl

systems | linux, mandriva

advisories | CVE-2012-5526

SHA-256 | 19ab60ea5b5148e621788d3fb0be25b507bfbb91c924e4f9f8e25f7420419f2d

Download | Favorite | View

Debian Security Advisory 2587-1

Posted Dec 12, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2587-1 - It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.

tags | advisory, web, cgi, perl

systems | linux, debian

advisories | CVE-2012-5526

SHA-256 | cfd5541265fe776ae15056217e4875ff0f3a904361d5c687f2c8ee23ca0a3716

Download | Favorite | View

Debian Security Advisory 2586-1

Posted Dec 12, 2012

Authored by Debian | Site debian.org

Debian Linux Security Advisory 2586-1 - Two vulnerabilities were discovered in the implementation of the Perl programming language.

tags | advisory, perl, vulnerability

systems | linux, debian

advisories | CVE-2012-5195, CVE-2012-5526

SHA-256 | 76a3e485793224f6aa5ba668af28ee8d4ace03df744e5c0ad94b470ffdf4e131

Download | Favorite | View

Ubuntu Security Notice USN-1643-1

Posted Nov 30, 2012

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 1643-1 - It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. It was discovered that the 'new' constructor in the Digest module is vulnerable to an eval injection. An attacker could use this to execute arbitrary code. Various other issues were also addressed.

tags | advisory, denial of service, overflow, arbitrary

systems | linux, ubuntu

advisories | CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526, CVE-2011-2939, CVE-2011-3597, CVE-2012-5195, CVE-2012-5526

SHA-256 | 6c274eedfdb3da7dbb7671102ad6fe7a37edb74ba2b040227e902cbb757d04a1

Download | Favorite | View