Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200711-28
HistoryNov 19, 2007 - 12:00 a.m.

Perl: Buffer overflow

2007-11-1900:00:00
Gentoo Foundation
security.gentoo.org
10

0.034 Low

EPSS

Percentile

91.4%

JSON

Background

Perl is a stable, cross-platform programming language created by Larry Wall.

Description

Tavis Ormandy and Will Drewry (Google Security Team) discovered a heap-based buffer overflow in the Regular Expression engine (regcomp.c) that occurs when switching from byte to Unicode (UTF-8) characters in a regular expression.

Impact

A remote attacker could either entice a user to compile a specially crafted regular expression or actively compile it in case the script accepts remote input of regular expressions, possibly leading to the execution of arbitrary code with the privileges of the user running Perl.

Workaround

There is no known workaround at this time.

Resolution

All Perl users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-lang/perl-5.8.8-r4"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-lang/perl<Β 5.8.8-r4UNKNOWN

Related

nessus 25
openvas 28
debian 1
centos 1
f5 2
debiancve 1
seebug 1
redhat 2
fedora 5
prion 1
securityvulns 3
osv 1
veracode 1
ubuntu 1
cve 1
freebsd 1
ubuntucve 1
oraclelinux 1
vmware 2
gentoo 1
nessus
nessus
AIX 5.2 TL 10 : perl.rte (U815030)
2008-05-13 00:00:00
Oracle Linux 3 / 4 / 5 : perl (ELSA-2007-0966)
2013-07-12 00:00:00
openSUSE 10 Security Update : perl (perl-4675)
2007-11-20 00:00:00
openvas
openvas
Mandriva Update for perl MDKSA-2007:207 (perl)
2009-04-09 00:00:00
Mandriva Update for perl MDKSA-2007:207 (perl)
2009-04-09 00:00:00
Ubuntu: Security Advisory (USN-552-1)
2009-03-23 00:00:00
debian
debian
[SECURITY] [DSA 1400-1] New perl packages fix arbitrary code execution
2007-11-06 00:00:00
centos
centos
perl security update
2007-11-05 17:35:41
f5
f5
SOL17443 - Perl vulnerability CVE-2007-5116
2015-10-16 00:00:00
K17443 : Perl vulnerability CVE-2007-5116
2015-10-16 00:00:00
debiancve
debiancve
CVE-2007-5116
2007-11-07 23:46:00
seebug
seebug
Perl Unicodeζ­£εˆ™θ‘¨θΎΎεΌε †ζΊ’ε‡ΊζΌζ΄ž
2007-11-08 00:00:00
redhat
redhat
(RHSA-2007:0966) Important: perl security update
2007-11-05 00:00:00
(RHSA-2007:1011) Important: perl security update
2007-11-05 00:00:00
fedora
fedora
[SECURITY] Fedora 7 Update: perl-5.8.8-26.fc7
2007-11-13 00:09:18
[SECURITY] Fedora 8 Update: perl-5.8.8-31.fc8
2007-11-13 00:00:23
[SECURITY] Fedora Core 6 Update: perl-5.8.8-12
2007-12-03 16:22:07
prion
prion
Buffer overflow
2007-11-07 23:46:00
securityvulns
securityvulns
[ MDKSA-2007:207 ] - Updated perl packages fix vulnerability
2007-11-07 00:00:00
VMSA-2008-0001 Moderate OpenPegasus PAM Authentication Buffer Overflow and updated service console packages
2008-01-08 00:00:00
PCRE and perl regular expression handling multiple security vulnerabilities
2007-11-07 00:00:00
osv
osv
perl - arbitrary code execution
2007-11-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:20:48
ubuntu
ubuntu
Perl vulnerability
2007-12-04 00:00:00
cve
cve
CVE-2007-5116
2007-11-07 23:46:00
freebsd
freebsd
perl -- regular expressions unicode data buffer overflow
2007-11-05 00:00:00
ubuntucve
ubuntucve
CVE-2007-5116
2007-11-07 00:00:00
oraclelinux
oraclelinux
Important: perl security update
2007-11-05 00:00:00
vmware
vmware
Updated service console patches.
2008-01-07 00:00:00
Updated service console patches.
2008-01-07 00:00:00
gentoo
gentoo
AMD64 x86 emulation base libraries: Multiple vulnerabilities
2014-12-12 00:00:00

0.034 Low

EPSS

Percentile

91.4%

JSON
Related for GLSA-200711-28
nessus25openvas28debian1centos1f52debiancve1seebug1redhat2fedora5prion1securityvulns3osv1veracode1ubuntu1cve1freebsd1ubuntucve1oraclelinux1vmware2gentoo1