- EPSS 8.71%
- Veröffentlicht 11.04.2011 18:55:03
- Zuletzt bearbeitet 16.06.2026 23:29:28
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-de...
- EPSS 2.04%
- Veröffentlicht 20.04.2010 15:30:00
- Zuletzt bearbeitet 16.06.2026 23:17:37
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
- EPSS 2.2%
- Veröffentlicht 29.10.2009 14:30:01
- Zuletzt bearbeitet 16.06.2026 23:12:02
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
CVE-2008-2827
- EPSS 0.85%
- Veröffentlicht 23.06.2008 19:41:00
- Zuletzt bearbeitet 16.06.2026 22:54:33
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-04...
- EPSS 3.15%
- Veröffentlicht 24.04.2008 05:05:00
- Zuletzt bearbeitet 16.06.2026 22:52:46
Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain oper...
CVE-2005-3962
- EPSS 1.37%
- Veröffentlicht 01.12.2005 17:03:00
- Zuletzt bearbeitet 16.06.2026 22:17:58
Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an int...
CVE-1999-1386
- EPSS 0.46%
- Veröffentlicht 31.12.1999 05:00:00
- Zuletzt bearbeitet 16.06.2026 21:50:19
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
- EPSS 33.39%
- Veröffentlicht 29.05.1996 04:00:00
- Zuletzt bearbeitet 16.06.2026 21:48:32
Perl, sh, csh, or other shell interpreters are installed in the cgi-bin directory on a WWW site, which allows remote attackers to execute arbitrary commands.