This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Perl First view 2012-01-13
Product Perl Last view 2020-06-05
Version 1.21 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:perl:perl

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-06-05 CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

8.6 2020-06-05 CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

8.2 2020-06-05 CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

9.8 2018-12-07 CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.1 2018-12-07 CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.8 2018-12-07 CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8 2018-12-05 CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

7.5 2018-06-07 CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

9.8 2018-04-17 CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

7.5 2018-04-17 CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

9.8 2018-04-17 CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

9.8 2017-09-27 CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

9.1 2017-09-19 CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

7.5 2017-09-19 CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

7.5 2016-05-25 CVE-2015-8853

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

2.1 2014-09-30 CVE-2014-4330

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

7.5 2013-01-04 CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

4.3 2012-12-21 CVE-2011-2728

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

5 2012-09-09 CVE-2012-1151

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or (2) a crafted DBD statement to the dbd_st_prepare function.

5.1 2012-01-13 CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

CWE : Common Weakness Enumeration

%idName
47% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
10% (2) CWE-125 Out-of-bounds Read
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-189 Numeric Errors
5% (1) CWE-134 Uncontrolled Format String
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
5% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (1) CWE-20 Improper Input Validation

Open Source Vulnerability Database (OSVDB)

id Description
76724 Perl Encode decode_xs() Function Input Parsing Remote Overflow
76723 Perl File::Glob::bsd_glob() Function GLOB_ALTDIRFUNC Flag Handling Remote Cod...

ExploitDB Exploits

id Description
23579 TWiki MAKETEXT Remote Command Execution

OpenVAS Exploits

id Description
2012-12-27 Name : TWiki 'MAKETEXT' variable Remote Command Execution Vulnerability
File : nvt/gb_twiki_maketext_rce_vuln.nasl
2012-12-18 Name : Fedora Update for perl FEDORA-2012-18330
File : nvt/gb_fedora_2012_18330_perl_fc16.nasl
2012-12-04 Name : Ubuntu Update for perl USN-1643-1
File : nvt/gb_ubuntu_USN_1643_1.nasl
2012-08-30 Name : Fedora Update for perl-DBD-Pg FEDORA-2012-10892
File : nvt/gb_fedora_2012_10892_perl-DBD-Pg_fc17.nasl
2012-08-03 Name : Fedora Update for perl-DBD-Pg FEDORA-2012-10871
File : nvt/gb_fedora_2012_10871_perl-DBD-Pg_fc16.nasl
2012-07-30 Name : CentOS Update for perl-DBD-Pg CESA-2012:1116 centos5
File : nvt/gb_CESA-2012_1116_perl-DBD-Pg_centos5.nasl
2012-07-30 Name : CentOS Update for perl-DBD-Pg CESA-2012:1116 centos6
File : nvt/gb_CESA-2012_1116_perl-DBD-Pg_centos6.nasl
2012-07-30 Name : Mandriva Update for perl-DBD-Pg MDVSA-2012:112 (perl-DBD-Pg)
File : nvt/gb_mandriva_MDVSA_2012_112.nasl
2012-07-26 Name : RedHat Update for perl-DBD-Pg RHSA-2012:1116-01
File : nvt/gb_RHSA-2012_1116-01_perl-DBD-Pg.nasl
2012-07-09 Name : RedHat Update for perl RHSA-2011:1424-01
File : nvt/gb_RHSA-2011_1424-01_perl.nasl
2012-04-30 Name : Debian Security Advisory DSA 2431-1 (libdbd-pg-perl)
File : nvt/deb_2431_1.nasl
2012-04-30 Name : Gentoo Security Advisory GLSA 201204-08 (DBD-Pg)
File : nvt/glsa_201204_08.nasl
2012-01-20 Name : Mandriva Update for perl MDVSA-2012:008 (perl)
File : nvt/gb_mandriva_MDVSA_2012_008.nasl
2012-01-17 Name : Strawberry Perl Modules Multiple Vulnerabilities (Windows)
File : nvt/gb_perl_modules_mult_vuln_win.nasl
2011-11-03 Name : Fedora Update for perl FEDORA-2011-13874
File : nvt/gb_fedora_2011_13874_perl_fc14.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Foswiki/Twiki MAKETEXT command execution attempt
RuleID : 26906 - Type : SERVER-OTHER - Revision : 3
2014-01-10 FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt
RuleID : 26905 - Type : SERVER-WEBAPP - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d1ba58394e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0050.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing a security update.
File: fedora_2018-10ae521efa.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4226.nasl - Type: ACT_GATHER_INFO
2018-04-26 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-0050f7c0d1.nasl - Type: ACT_GATHER_INFO
2018-04-23 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-1c8b49fbc7.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1345.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4172.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_41c96ffd29a64dcc9a8865f5038fa6eb.nasl - Type: ACT_GATHER_INFO
2018-01-15 Name: The remote Fedora host is missing a security update.
File: fedora_2017-7ae07e9f1f.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote SUSE host is missing one or more security updates.
File: suse_SU-2017-3092-1.nasl - Type: ACT_GATHER_INFO
2017-11-27 Name: The remote openSUSE host is missing a security update.
File: openSUSE-2017-1304.nasl - Type: ACT_GATHER_INFO