Perl
Source repositories
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2012-5195 | 0.00 | — | 0.05 | Dec 18, 2012 | Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via… | |||
| CVE-2012-1151 | 0.00 | — | 0.03 | Sep 9, 2012 | Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the… | |||
| CVE-2011-2939 | 0.00 | — | 0.03 | Jan 13, 2012 | Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based… | |||
| CVE-2010-1158 | 0.00 | — | 0.02 | Apr 20, 2010 | Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. | |||
| CVE-2009-3626 | 0.00 | — | 0.02 | Oct 29, 2009 | Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match. | |||
| CVE-2008-1927 | 0.00 | — | 0.03 | Apr 24, 2008 | Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems. | |||
| CVE-2007-5116 | 0.00 | — | 0.05 | Nov 7, 2007 | Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. | |||
| CVE-2005-4278 | 0.00 | — | 0.00 | Dec 16, 2005 | Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. | |||
| CVE-2005-3962 | 0.00 | — | 0.01 | Dec 1, 2005 | Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a… | |||
| CVE-2005-0448 | 0.00 | — | 0.00 | May 2, 2005 | Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. | |||
| CVE-2004-0452 | 0.00 | — | 0.00 | Dec 21, 2004 | Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. | |||
| CVE-2003-0900 | 0.00 | — | 0.01 | Dec 31, 2003 | Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers. |
- CVE-2012-5195Dec 18, 2012risk 0.00cvss —epss 0.05
Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via…
- CVE-2012-1151Sep 9, 2012risk 0.00cvss —epss 0.03
Multiple format string vulnerabilities in dbdimp.c in DBD::Pg (aka DBD-Pg or libdbd-pg-perl) module before 2.19.0 for Perl allow remote PostgreSQL database servers to cause a denial of service (process crash) via format string specifiers in (1) a crafted database warning to the…
- CVE-2011-2939Jan 13, 2012risk 0.00cvss —epss 0.03
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based…
- CVE-2010-1158Apr 20, 2010risk 0.00cvss —epss 0.02
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
- CVE-2009-3626Oct 29, 2009risk 0.00cvss —epss 0.02
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
- CVE-2008-1927Apr 24, 2008risk 0.00cvss —epss 0.03
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.
- CVE-2007-5116Nov 7, 2007risk 0.00cvss —epss 0.05
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
- CVE-2005-4278Dec 16, 2005risk 0.00cvss —epss 0.00
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
- CVE-2005-3962Dec 1, 2005risk 0.00cvss —epss 0.01
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a…
- CVE-2005-0448May 2, 2005risk 0.00cvss —epss 0.00
Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.
- CVE-2004-0452Dec 21, 2004risk 0.00cvss —epss 0.00
Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack.
- CVE-2003-0900Dec 31, 2003risk 0.00cvss —epss 0.01
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
Page 3 of 3