CVE-2004-0377

4 documents4 sources
Severity
10.0CRITICAL
EPSS
14.7%
top 5.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Larry Wall Perl
Timeline
PublishedMay 4
Latest updateApr 29

Description

Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 5.8.3 allows local or remote attackers to execute arbitrary commands via filenames that end in a backslash character.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

NVDlarry_wall/perl5.8.3

Patches

Patch: lists.grok.org.ukPatch: www.kb.cert.orgPatch: lists.grok.org.uk

🔴Vulnerability Details

2
GHSA
GHSA-rm2p-jhqp-33q2: Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 52022-04-29
CVEList
CVE-2004-0377: Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and (2) Larry Wall's Perl before 52004-04-06

📋Vendor Advisories

1
Debian
CVE-2004-0377: perl - Buffer overflow in the win32_stat function for (1) ActiveState's ActivePerl and ...2004
CVE-2004-0377 (CRITICAL CVSS 10) | Buffer overflow in the win32_stat f | cvebase.io