5 matches found
CVE-2017-12814
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...
Stack overflow
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...
Internet Bug Bounty: Perl $ENV Key Stack Buffer Overflow
The CPerlHost::Add method in win32\perlhost.h is vulnerable to a stack buffer overflow. void CPerlHost::AddLPCSTR lpStr char szBuffer1024; LPSTR lpPtr; int index, length = strlenlpStr+1; forindex = 0; lpStrindex != '\0' && lpStrindex != '='; ++index szBufferindex = lpStrindex; szBufferindex = '\0...
CVE-2017-12814
Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable...
CVE-2017-12814
CVE-2017-12814 affects Windows builds of Perl prior to 5.24.3-RC1 and 5.26.x prior to 5.26.1-RC1, due to a stack-based overflow in CPerlHost::Add (win32/perlhost.h). An overly large ENV key can overflow a fixed stack buffer, enabling arbitrary code execution. Public details confirm affected versi...