Lucene search

[email protected]CVE-2013-7422

HistoryAug 16, 2015 - 11:59 p.m.

CVE-2013-7422

2015-08-1623:59:00

CWE-189

[email protected]

web.nvd.nist.gov

cve-2013-7422

perl

regcomp.c

integer underflow

arbitrary code execution

denial of service

application crash

nvd

7.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Integer underflow in regcomp.c in Perl before 5.20, as used in Apple OS X before 10.10.5 and other products, allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long digit string associated with an invalid backreference within a regular expression.

CPENameOperatorVersion
apple:mac_os_xapple mac os xle10.10.4
perl:perlperleq5.18.4

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	le	10.10.4
perl:perl	perl	eq	5.18.4

References

lists.apple.com/archives/security-announce/2015/Aug/msg00001.html

perl5.git.perl.org/perl.git/commit/0c2990d652e985784f095bba4bc356481a66aa06

www.securityfocus.com/bid/75704

www.ubuntu.com/usn/USN-2916-1

security.gentoo.org/glsa/201507-11

support.apple.com/kb/HT205031

7.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.01 Low

EPSS

Percentile

83.6%

JSON

Related for CVE-2013-7422

prion1 ubuntucve1 gentoo1 nessus9 debiancve1 cvelist1 openvas8 ubuntu1 cloudfoundry1 securityvulns2