This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Perl First view 2013-01-04
Product Perl Last view 2020-06-05
Version 5.15.1 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:perl:perl

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-06-05 CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

8.6 2020-06-05 CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

8.2 2020-06-05 CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

9.8 2018-12-07 CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.1 2018-12-07 CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.8 2018-12-07 CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8 2018-12-05 CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

7.5 2018-06-07 CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

9.8 2018-04-17 CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

7.5 2018-04-17 CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

9.8 2018-04-17 CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

9.8 2017-09-27 CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

9.1 2017-09-19 CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

7.5 2017-09-19 CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

7.8 2016-08-02 CVE-2016-1238

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

7.5 2016-05-25 CVE-2015-8853

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

2.1 2014-09-30 CVE-2014-4330

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

7.5 2013-01-04 CVE-2012-6329

The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6.

CWE : Common Weakness Enumeration

%idName
50% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (2) CWE-125 Out-of-bounds Read
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-264 Permissions, Privileges, and Access Controls
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
5% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (1) CWE-20 Improper Input Validation

ExploitDB Exploits

id Description
23579 TWiki MAKETEXT Remote Command Execution

OpenVAS Exploits

id Description
2012-12-27 Name : TWiki 'MAKETEXT' variable Remote Command Execution Vulnerability
File : nvt/gb_twiki_maketext_rce_vuln.nasl

Snort® IPS/IDS

Date Description
2014-01-10 Foswiki/Twiki MAKETEXT command execution attempt
RuleID : 26906 - Type : SERVER-OTHER - Revision : 3
2014-01-10 FosWiki and TWiki MAKETEXT macro memory consumption denial of service attempt
RuleID : 26905 - Type : SERVER-WEBAPP - Revision : 5

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d1ba58394e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-07.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1578.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_613193a0c1b411e8ae2d54e1ad3d6335.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0050.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing a security update.
File: fedora_2018-10ae521efa.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4226.nasl - Type: ACT_GATHER_INFO
2018-04-26 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-0050f7c0d1.nasl - Type: ACT_GATHER_INFO
2018-04-23 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-1c8b49fbc7.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_41c96ffd29a64dcc9a8865f5038fa6eb.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4172.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1345.nasl - Type: ACT_GATHER_INFO