4.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
51.1%
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | perl | < 5.8.7-9 | perl_5.8.7-9_all.deb |
Debian | 11 | all | perl | < 5.8.7-9 | perl_5.8.7-9_all.deb |
Debian | 10 | all | perl | < 5.8.7-9 | perl_5.8.7-9_all.deb |
Debian | 999 | all | perl | < 5.8.7-9 | perl_5.8.7-9_all.deb |
Debian | 13 | all | perl | < 5.8.7-9 | perl_5.8.7-9_all.deb |