CVE-2007-5116

CWE-119 — Buffer Overflow10 documents8 sources

Severity

7.5HIGH

EPSS

8.8%

top 7.47%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Larry Wall Perl Mandrakesoft Mandrake Multi Network Firewall Openpkg Openpkg +1 more

Timeline

PublishedNov 7

Latest updateMay 3

Description

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages4 packages

▶Debianperl< 5.8.8-12+3

▶NVDlarry_wall/perl11 versions+10

▶NVDopenpkg/openpkgcurrent

▶NVDmandrakesoft/mandrake_multi_network_firewall2.0

Also affects: Enterprise Linux 1.0

Patches

Patch: www.mandriva.com ↗Patch: www.mandriva.com ↗

🔴Vulnerability Details

GHSA

GHSA-3wp4-6pwm-vcxj: Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp↗2022-05-03

▶

CVEList

CVE-2007-5116: Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp↗2007-11-07

▶

OSV

CVE-2007-5116: Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp↗2007-11-07

▶

📋Vendor Advisories

Ubuntu

Perl vulnerability↗2007-12-04

▶

Red Hat

perl regular expression UTF parsing errors↗2007-11-05

▶

Debian

CVE-2007-5116: perl - Buffer overflow in the polymorphic opcode support in the Regular Expression Engi...↗2007

▶

💬Community

Bugzilla

CVE-2007-5116 perl regular expression UTF parsing errors [f7]↗2007-11-12

▶

Bugzilla

CVE-2007-5116 perl regular expression UTF parsing errors [f8]↗2007-11-12

▶

Bugzilla

CVE-2007-5116 perl regular expression UTF parsing errors↗2007-10-08

▶