CVE-2004-2022
Published 2004-12-31
Priority: P421 · low · 2.1 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 1.67% (73.9th percentile)
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| activestate | activeperl | — | — |
| github.com | sylabs_sif_v2 | >= 0 < 2.8.1 | 2.8.1 |
CVSS provenance
nvd · v2.0 · 2.1 LOW · AV:L/AC:L/Au:N/C:N/I:N/A:P
ghsa · 5.0 MEDIUM
cisa · 7.8 HIGH
GHSA
SIF's Digital Signature Hash Algorithms Not Validated
ghsa·2022-10-06·CVSS 5.0
CVE-2022-39237 [MEDIUM] CWE-327 SIF's Digital Signature Hash Algorithms Not Validated
### Impact
The `github.com/sylabs/sif/v2/pkg/integrity` package does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.
### Patches
A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade.
The patch is commit https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa
### Workarounds
Users may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.
### References
* [CVE-2004-2761](https://nvd.nist.gov/vuln/detail/cve-2004-2761)
* [CVE-2005-4900](https://nvd.nist.gov/vuln/detail/cve-2005-4900)
### For more information
If you have any questions or comme
GHSA
GHSA-6g7x-c8vf-63fq: ActivePerl 5
ghsa_unreviewed·2022-04-29
CVE-2004-2022 [LOW] GHSA-6g7x-c8vf-63fq: ActivePerl 5
ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, when running on Windows systems, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, which leads to a stack-based buffer overflow. NOTE: it is unclear whether this bug is in Perl or the OS API that is used by Perl.
CISA
Microsoft Windows Privilege Escalation Vulnerability
cisa·2022-03-03·CVSS 7.8
CVE-2004-0210 [HIGH] CWE-120 Microsoft Windows Privilege Escalation Vulnerability
Vulnerability: Microsoft Windows Privilege Escalation Vulnerability
Affected: Microsoft Windows
A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2004-0210
Remediation Due Date: 2022-03-24
No detection rules found.
No writeups or analysis indexed.
* http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0905.html
* http://marc.info/?l=bugtraq&m=108489894009025&w=2
* http://marc.info/?l=full-disclosure&m=108482796105922&w=2
* http://marc.info/?l=full-disclosure&m=108483058514596&w=2
* http://marc.info/?l=full-disclosure&m=108489112131099&w=2
* http://www.oliverkarow.de/research/ActivePerlSystemBOF.txt
* http://www.perlmonks.org/index.pl?node_id=354145
* http://www.securityfocus.com/bid/10375
* https://exchange.xforce.ibmcloud.com/vulnerabilities/16169