CVE-2005-3962 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl

CWE-18915 documents7 sources

Severity

7.8HIGHNVD

NVD4.6OSV4.6

EPSS

0.9%

top 24.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl Positive Software CP

Timeline

PublishedDec 1

Latest updateMay 3

Description

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVSS vector

AV:L/AC:L/C:P/I:P/A:PExploitability: 3.9 | Impact: 6.4

Affected Packages4 packages

▶debiandebian/perl< perl 5.8.7-9 (bookworm)

▶Debianperl/perl< 5.8.7-9+3

▶NVDperl/perl5.8.6, 5.9.2+1

▶NVDpositive_software/cp6 versions+5

Patches

Patch: www.dyadsecurity.com ↗Patch: www.dyadsecurity.com ↗

🔴Vulnerability Details

GHSA

GHSA-x9vv-cmfc-4qwh: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5↗2022-05-03

▶

GHSA

GHSA-rc8p-8p78-4qgh: Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2↗2022-05-01

▶

OSV

CVE-2005-3962: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5↗2005-12-01

▶

📋Vendor Advisories

Ubuntu

Perl vulnerability↗2005-12-13

▶

Ubuntu

Perl vulnerability↗2005-12-02

▶

Red Hat

security flaw↗2005-12-01

▶

Debian

CVE-2005-3962: perl - Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5...↗2005

▶

💬Community

Bugzilla

CVE-2005-3962 security flaw↗2018-08-16

▶

Bugzilla

CVE-2005-3962 Perl Format String Vulnerability↗2005-12-31

▶

Bugzilla

CVE-2005-3962 Perl integer overflow issue↗2005-12-01

▶

Bugzilla

CVE-2005-3962 Perl integer overflow issue↗2005-12-01

▶

Bugzilla

CVE-2005-3962 Perl integer overflow issue↗2005-12-01

▶