CVE-2012-5195

EPSS 6.45%
Published 18.12.2012 00:55:01
Last modified 11.04.2025 00:51:21
Source cve@mitre.org
Teams watchlist Login
Open Login

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

Affected products Warnungen 0 Metrics 2 CWE 1 References 19

Data is provided by the National Vulnerability Database (NVD)

Perl ≫ Perl Version5.12.0

Perl ≫ Perl Version5.12.0 Updaterc0

Perl ≫ Perl Version5.12.0 Updaterc1

Perl ≫ Perl Version5.12.0 Updaterc2

Perl ≫ Perl Version5.12.0 Updaterc3

Perl ≫ Perl Version5.12.0 Updaterc4

Perl ≫ Perl Version5.12.0 Updaterc5

Perl ≫ Perl Version5.12.1

Perl ≫ Perl Version5.12.1 Updaterc1

Perl ≫ Perl Version5.12.1 Updaterc2

Perl ≫ Perl Version5.12.2

Perl ≫ Perl Version5.12.2 Updaterc1

Perl ≫ Perl Version5.12.3

Perl ≫ Perl Version5.12.3 Updaterc1

Perl ≫ Perl Version5.12.3 Updaterc2

Perl ≫ Perl Version5.12.3 Updaterc3

Perl ≫ Perl Version5.12.4

Perl ≫ Perl Version5.14.0

Perl ≫ Perl Version5.14.0 Updaterc1

Perl ≫ Perl Version5.14.0 Updaterc2

Perl ≫ Perl Version5.14.0 Updaterc3

Perl ≫ Perl Version5.14.1

Perl ≫ Perl Version5.14.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	6.45%	0.907

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705

http://secunia.com/advisories/55314

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html

http://secunia.com/advisories/51457

Vendor Advisory

http://www.ubuntu.com/usn/USN-1643-1

http://rhn.redhat.com/errata/RHSA-2013-0685.html

http://www.debian.org/security/2012/dsa-2586

http://perl5.git.perl.org/perl.git/commit/2709980d5a193ce6f3a16f0d19879a6560dcde44

Patch