Lucene search

[email protected]CVE-2004-0377

HistoryMay 04, 2004 - 4:00 a.m.

CVE-2004-0377

2004-05-0404:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0377

buffer overflow

win32_stat function

arbitrary command execution

activeperl

larry wall

perl 5.8.3

nvd

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

JSON

Buffer overflow in the win32_stat function for (1) ActiveState’s ActivePerl and (2) Larry Wall’s Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

CPENameOperatorVersion
activestate:activeperlactivestate activeperleq*
larry_wall:perllarry wall perlle5.8.3

CPE	Name	Operator	Version
activestate:activeperl	activestate activeperl	eq	*
larry_wall:perl	larry wall perl	le	5.8.3

References

lists.grok.org.uk/pipermail/full-disclosure/2004-April/019794.html

marc.info/?l=bugtraq&m=108118694327979&w=2

public.activestate.com/cgi-bin/perlbrowse?patch=22552

www.idefense.com/application/poi/display?id=93&type=vulnerabilities

www.kb.cert.org/vuls/id/722414

exchange.xforce.ibmcloud.com/vulnerabilities/15732

7.9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.035 Low

EPSS

Percentile

91.5%

JSON

Related for CVE-2004-0377

cert1 securityvulns1 cvelist1 debiancve1