CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score
Confidence: Low

EPSS
Percentile: 87.8%

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
Vendor | Product | Version | CPE |
---|---|---|---|
perl | perl | 5.10.0 | cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:* |
perl | perl | 5.10.0 | cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:* |
perl | perl | 5.10.0 | cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:* |
perl | perl | 5.10.1 | cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:* |
perl | perl | 5.10.1 | cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:* |
perl | perl | 5.10.1 | cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:* |
perl | perl | 5.13.0 | cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:* |
perl | perl | 5.13.1 | cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:* |
perl | perl | 5.13.2 | cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:* |
perl | perl | 5.13.3 | cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:* |
lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.html
lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.html
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.html
openwall.com/lists/oss-security/2011/04/01/3
openwall.com/lists/oss-security/2011/04/04/35
perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99
rt.perl.org/rt3/Public/Bug/Display.html?id=87336
secunia.com/advisories/43921
secunia.com/advisories/44168
www.debian.org/security/2011/dsa-2265
www.mandriva.com/security/advisories?name=MDVSA-2011:091
www.securityfocus.com/bid/47124
bugzilla.redhat.com/show_bug.cgi?id=692844
bugzilla.redhat.com/show_bug.cgi?id=692898
exchange.xforce.ibmcloud.com/vulnerabilities/66528