This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Perl First view 2014-09-30
Product Perl Last view 2020-06-05
Version 5.18.2 Type Application
Update rc2  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:perl:perl

Activity : Overall

Related : CVE

  Date Alert Description
7.5 2020-06-05 CVE-2020-12723

regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.

8.6 2020-06-05 CVE-2020-10878

Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.

8.2 2020-06-05 CVE-2020-10543

Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.

9.8 2018-12-07 CVE-2018-18314

Perl before 5.26.3 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.1 2018-12-07 CVE-2018-18313

Perl before 5.26.3 has a buffer over-read via a crafted regular expression that triggers disclosure of sensitive information from process memory.

9.8 2018-12-07 CVE-2018-18311

Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

9.8 2018-12-05 CVE-2018-18312

Perl before 5.26.3 and 5.28.0 before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.

7.5 2018-06-07 CVE-2018-12015

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.

9.8 2018-04-17 CVE-2018-6913

Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count.

7.5 2018-04-17 CVE-2018-6798

An issue was discovered in Perl 5.22 through 5.26. Matching a crafted locale dependent regular expression can cause a heap-based buffer over-read and potentially information disclosure.

9.8 2018-04-17 CVE-2018-6797

An issue was discovered in Perl 5.18 through 5.26. A crafted regular expression can cause a heap-based buffer overflow, with control over the bytes written.

9.8 2017-09-27 CVE-2017-12814

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

9.1 2017-09-19 CVE-2017-12883

Buffer overflow in the S_grok_bslash_N function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to disclose sensitive information or cause a denial of service (application crash) via a crafted regular expression with an invalid '\N{U+...}' escape.

7.5 2017-09-19 CVE-2017-12837

Heap-based buffer overflow in the S_regatom function in regcomp.c in Perl 5 before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 allows remote attackers to cause a denial of service (out-of-bounds write) via a regular expression with a '\N{}' escape and the case-insensitive modifier.

7.8 2016-08-02 CVE-2016-1238

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

7.5 2016-05-25 CVE-2015-8853

The (1) S_reghop3, (2) S_reghop4, and (3) S_reghopmaybe3 functions in regexec.c in Perl before 5.24.0 allow context-dependent attackers to cause a denial of service (infinite loop) via crafted utf-8 data, as demonstrated by "a\x80."

2.1 2014-09-30 CVE-2014-4330

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

CWE : Common Weakness Enumeration

%idName
52% (9) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
11% (2) CWE-125 Out-of-bounds Read
5% (1) CWE-787 Out-of-bounds Write
5% (1) CWE-264 Permissions, Privileges, and Access Controls
5% (1) CWE-190 Integer Overflow or Wraparound
5% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
5% (1) CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path ...
5% (1) CWE-20 Improper Input Validation

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-d1ba58394e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-ca03363d57.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-9dbe983805.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-4e088b6d7c.nasl - Type: ACT_GATHER_INFO
2018-12-17 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201812-07.nasl - Type: ACT_GATHER_INFO
2018-12-01 Name: The remote Debian host is missing a security update.
File: debian_DLA-1601.nasl - Type: ACT_GATHER_INFO
2018-11-30 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4347.nasl - Type: ACT_GATHER_INFO
2018-11-14 Name: The remote Debian host is missing a security update.
File: debian_DLA-1578.nasl - Type: ACT_GATHER_INFO
2018-10-31 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-005.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_613193a0c1b411e8ae2d54e1ad3d6335.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1308.nasl - Type: ACT_GATHER_INFO
2018-09-27 Name: The remote EulerOS host is missing a security update.
File: EulerOS_SA-2018-1307.nasl - Type: ACT_GATHER_INFO
2018-08-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0084.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0167.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2017-0037.nasl - Type: ACT_GATHER_INFO
2018-07-24 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0050.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS or Mac OS X security update that fixes mul...
File: macosx_SecUpd2018-004.nasl - Type: ACT_GATHER_INFO
2018-07-17 Name: The remote host is missing a macOS update that fixes multiple security vulner...
File: macos_10_13_6.nasl - Type: ACT_GATHER_INFO
2018-06-19 Name: The remote Fedora host is missing a security update.
File: fedora_2018-10ae521efa.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4226.nasl - Type: ACT_GATHER_INFO
2018-04-26 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-0050f7c0d1.nasl - Type: ACT_GATHER_INFO
2018-04-23 Name: The remote Fedora host is missing one or more security updates.
File: fedora_2018-1c8b49fbc7.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote FreeBSD host is missing one or more security-related updates.
File: freebsd_pkg_41c96ffd29a64dcc9a8865f5038fa6eb.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4172.nasl - Type: ACT_GATHER_INFO
2018-04-16 Name: The remote Debian host is missing a security update.
File: debian_DLA-1345.nasl - Type: ACT_GATHER_INFO