Perl Security Vulnerabilities and Issues — Perl CVE List

Lucene search

Larry WallPerl

5 matches found

CVE•added 2007/11/07 11:46 p.m.•105 views

CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

7.5CVSS9.8AI score0.11413EPSS

CVE•added 1999/09/29 4:0 a.m.•56 views

CVE-1999-0034

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

7.2CVSS7.7AI score0.00348EPSS

CVE•added 2000/10/20 4:0 a.m.•39 views

CVE-2000-0703

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

7.2CVSS6.9AI score0.00307EPSS

CVE•added 2005/08/04 4:0 a.m.•36 views

CVE-2004-2286

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

7.5CVSS8.1AI score0.06157EPSS

CVE•added 2005/12/16 11:3 a.m.•35 views

CVE-2005-4278

Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.

7.2CVSS6.3AI score0.00075EPSS