K5794 : Security Advisory: Perl integer sign error in format string processing - CVE-2005-3962

Security Advisory Description

Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about F5 Networks’ security policy regarding evaluating older and unsupported versions of F5 Networks products, refer to K4602: Overview of F5 Networks security vulnerability response policy.

F5 Networks products and versions that have been evaluated for this Security Advisory

Although F5 Networks products contain versions of Perl that are subject to this vulnerability, this vulnerability can only be exploited by an attacker that has root access. As a result, F5 Networks products are not considered vulnerable.

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Information about this advisory is available at the following location:

<https://vulners.com/cve/CVE-2005-3962&gt;