Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-2286

4 documents4 sources
Severity
7.5HIGH
EPSS
22.8%
top 4.12%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Activestate ActiveperlLarry Wall Perl
Timeline
PublishedDec 31
Latest updateApr 29

Description

Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large multiplier, which may trigger a buffer overflow.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

NVDactivestate/activeperl10 versions+9
NVDlarry_wall/perl10 versions+9

🔴Vulnerability Details

2
GHSA
GHSA-8g3v-vx3x-982v: Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary2022-04-29
CVEList
CVE-2004-2286: Integer overflow in the duplication operator in ActivePerl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary2005-08-04

💥Exploits & PoCs

1
Exploit-DB
ActivePerl 5.x / Larry Wall Perl 5.x - Duplication Operator Integer Overflow2004-05-18
CVE-2004-2286 (HIGH CVSS 7.5) | Integer overflow in the duplication | cvebase.io