Unrated severityNVD Advisory· Published Feb 10, 2014· Updated Apr 29, 2026

CVE-2010-4777

Description

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

Affected products

Perl Foundation/Perl3 versions
cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

bugs.debian.org/cgi-bin/bugreport.cginvd
forums.ocsinventory-ng.org/viewtopic.phpnvd
lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlnvd
lists.opensuse.org/opensuse-updates/2011-05/msg00025.htmlnvd
bugzilla.redhat.com/show_bug.cginvd
listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.htmlnvd
rt.perl.org/Public/Bug/Display.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.004
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000