Executive Summary

Title : perl security update
Name : DSA-4347
First vendor Publication : 2018-11-29
Vendor : Debian
Last vendor Modification : 2018-11-29
Severity (Vendor) : N/A
Revision : 1

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score : N/A
Attack Range : N/A
Cvss Impact Score : N/A
Attack Complexity : N/A
Cvss Exploit Score : N/A
Authentication : N/A


Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems:


Jayakrishna Menon and Christophe Hauser discovered an integer overflow vulnerability in Perl_my_setenv leading to a heap-based buffer overflow with attacker-controlled input.


Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow write during compilation, potentially allowing arbitrary code execution.


Eiichi Tsukata discovered that a crafted regular expression could cause a heap-based buffer overflow read during compilation, leading to an information leak.


Jakub Wilk discovered that a specially crafted regular expression could lead to a heap-based buffer overflow.

For the stable distribution (stretch), these problems have been fixed in version 5.24.1-3+deb9u5.

We recommend that you upgrade your perl packages.

For the detailed security status of perl please refer to its security tracker page at: https://security-tracker.debian.org/tracker/perl

Original Source

Url : http://www.debian.org/security/2018/dsa-4347

Nessus® Vulnerability Scanner

2018-12-01
Name : The remote Debian host is missing a security update.
File : debian_DLA-1601.nasl - Type : ACT_GATHER_INFO

2018-11-30
Name : The remote Debian host is missing a security-related update.
File : debian_DSA-4347.nasl - Type : ACT_GATHER_INFO

Alert History

2018-12-08 00:21:15
  • Multiple Updates
2018-12-06 00:20:44
  • Multiple Updates
2018-11-30 00:18:13
  • First insertion