Unrated severityNVD Advisory· Published Apr 11, 2011· Updated Jun 16, 2026
CVE-2011-1487
CVE-2011-1487
Description
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
41cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*+ 40 more
- cpe:2.3:a:perl:perl:5.10.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.10.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.10.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.10.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.10.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.10.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.11.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.11.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.11.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.11.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.11.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.11.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:rc0:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:rc4:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.0:rc5:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.1:rc1:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.1:rc2:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.2:rc1:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.3:rc1:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.3:rc2:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.12.3:rc3:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.0:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.1:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.10:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.11:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.2:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.3:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.4:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.5:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.6:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.7:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.8:*:*:*:*:*:*:*
- cpe:2.3:a:perl:perl:5.13.9:*:*:*:*:*:*:*
- (no CPE)range: >=5.10.0, <=5.13.11
Patches
Vulnerability mechanics
References
15- perl5.git.perl.org/perl.git/commit/539689e74a3bcb04d29e4cd9396de91a81045b99nvdPatch
- openwall.com/lists/oss-security/2011/04/01/3nvdExploitPatch
- openwall.com/lists/oss-security/2011/04/04/35nvdExploitPatch
- rt.perl.org/rt3/Public/Bug/Display.htmlnvdExploit
- www.securityfocus.com/bid/47124nvdExploit
- bugzilla.redhat.com/show_bug.cginvdExploitPatch
- secunia.com/advisories/43921nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2011-April/057891.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2011-April/057971.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlnvd
- secunia.com/advisories/44168nvd
- www.debian.org/security/2011/dsa-2265nvd
- www.mandriva.com/security/advisoriesnvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/66528nvd
News mentions
0No linked articles in our index yet.