Lucene search

8 matches found

added 2011/04/11 6:55 p.m., 104 views

CVE-2011-1487

The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection ...

CVSS 5 | AI score 6 | EPSS 0.03822
added 2008/04/24 5:5 a.m., 89 views

CVE-2008-1927

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

CVSS 5 | AI score 7.3 | EPSS 0.02895
added 2012/01/13 6:55 p.m., 75 views

CVE-2011-2939

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

CVSS 5.1 | AI score 6.2 | EPSS 0.02324
added 2011/05/13 5:5 p.m., 64 views

CVE-2011-0761

Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.

CVSS 5 | AI score 6.4 | EPSS 0.04237
added 2012/09/09 9:55 p.m., 60 views

CVE-2012-1151

Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the pg_warn function or ...

CVSS 5 | AI score 6.6 | EPSS 0.02485
added 2010/04/20 3:30 p.m., 43 views

CVE-2010-1158

Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.

CVSS 5 | AI score 6.6 | EPSS 0.00604
added 2002/03/09 5:0 a.m., 42 views

CVE-1999-1386

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

CVSS 5.5 | AI score 6.7 | EPSS 0.00168
added 2009/10/29 2:30 p.m., 39 views

CVE-2009-3626

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVSS 5 | AI score 6.2 | EPSS 0.01345