Executive Summary

Information
Name : CVE-2014-4330
First vendor Publication : 2014-09-30
Vendor : Cve
Last vendor Modification : 2018-10-09

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:N/I:N/A:P)
Cvss Base Score : 2.1
Attack Range : Local
Cvss Impact Score : 2.9
Attack Complexity : Low
Cvss Exploit Score : 3.9
Authentication : None Required

Detail

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330

CWE : Common Weakness Enumeration

% : 100 %
id : CWE-119
Name : Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:28258
Title: SUSE-SU-2014:1321-1 -- Security update for perl (low)
Description: This update fixes a memory leak and an infinite recursion in Data::Dumper. (CVE-2014-4330) Security Issues: * CVE-2014-4330 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4330>
Family: unix Class: patch
Reference(s): SUSE-SU-2014:1321-1
CVE-2014-4330
Version: 3
Platform(s): SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Desktop 11
Product(s): perl
Definition Synopsis:

CPE : Common Platform Enumeration

Type : Application - Count : 1
Type : Application - Count : 338

Nessus® Vulnerability Scanner

Date : 2016-03-03
Name : The remote Ubuntu host is missing a security-related patch.
File : ubuntu_USN-2916-1.nasl - Type : ACT_GATHER_INFO

Date : 2015-03-30
Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2015-136.nasl - Type : ACT_GATHER_INFO

Date : 2015-01-19
Name : The remote Solaris system is missing a security patch for third-party software.
File : solaris11_perl_20141120.nasl - Type : ACT_GATHER_INFO

Date : 2014-10-24
Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_perl-141022.nasl - Type : ACT_GATHER_INFO

Date : 2014-10-22
Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2014-199.nasl - Type : ACT_GATHER_INFO

Date : 2014-10-09
Name : The remote Fedora host is missing a security update.
File : fedora_2014-11428.nasl - Type : ACT_GATHER_INFO

Date : 2014-09-29
Name : The remote Fedora host is missing a security update.
File : fedora_2014-11453.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BID http://www.securityfocus.com/bid/70142
BUGTRAQ http://www.securityfocus.com/archive/1/533543/100/0/threaded
CONFIRM http://advisories.mageia.org/MGASA-2014-0406.html
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_n...
https://metacpan.org/pod/distribution/Data-Dumper/Changes
https://www.lsexperts.de/advisories/lse-2014-06-10.txt
FEDORA http://lists.fedoraproject.org/pipermail/package-announce/2014-September/1394...
FULLDISC http://seclists.org/fulldisclosure/2014/Sep/84
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2015:136
MISC http://packetstormsecurity.com/files/128422/Perl-5.20.1-Deep-Recursion-Stack-...
MLIST http://seclists.org/oss-sec/2014/q3/692
http://www.nntp.perl.org/group/perl.perl5.porters/2014/09/msg220118.html
UBUNTU http://www.ubuntu.com/usn/USN-2916-1
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/96216

Alert History

Date Information
2019-07-17 12:06:16
  • Multiple Updates
2018-10-10 00:19:51
  • Multiple Updates
2017-08-29 09:24:37
  • Multiple Updates
2016-12-03 09:23:57
  • Multiple Updates
2016-10-06 12:02:17
  • Multiple Updates
2016-08-24 09:24:16
  • Multiple Updates
2016-08-04 12:00:50
  • Multiple Updates
2016-05-06 09:28:55
  • Multiple Updates
2016-04-27 00:58:46
  • Multiple Updates
2016-03-04 13:26:25
  • Multiple Updates
2015-04-21 09:25:14
  • Multiple Updates
2015-04-15 09:28:11
  • Multiple Updates
2015-03-31 13:28:39
  • Multiple Updates
2015-01-21 13:26:57
  • Multiple Updates
2014-10-31 13:25:00
  • Multiple Updates
2014-10-25 13:25:28
  • Multiple Updates
2014-10-23 13:24:54
  • Multiple Updates
2014-10-10 13:25:52
  • Multiple Updates
2014-10-02 09:23:35
  • Multiple Updates
2014-10-01 00:27:32
  • First insertion