CVE-2008-1927 — Out-of-bounds Write in Perl

CWE-3999 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

2.4%

top 15.06%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl

Timeline

PublishedApr 24

Latest updateMay 1

Description

Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a crafted regular expression containing UTF8 characters. NOTE: this issue might only be present on certain operating systems.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/perl< perl 5.10.0-1 (bookworm)

▶Debianperl/perl< 5.10.0-1+3

▶NVDperl/perl5.8.8

🔴Vulnerability Details

GHSA

GHSA-cjr5-49hf-284r: Double free vulnerability in Perl 5↗2022-05-01

▶

OSV

CVE-2008-1927: Double free vulnerability in Perl 5↗2008-04-24

▶

📋Vendor Advisories

Ubuntu

Perl regression↗2009-01-15

▶

Ubuntu

Perl vulnerabilities↗2008-12-24

▶

Debian

CVE-2008-1927: perl - Double free vulnerability in Perl 5.8.8 allows context-dependent attackers to ca...↗2008

▶

Red Hat

perl: heap corruption by regular expressions with utf8 characters↗2007-12-04

▶

💬Community

Bugzilla

CVE-2013-1927 icedtea-web: GIFAR issue↗2012-12-06

▶

Bugzilla

CVE-2008-1927 perl: heap corruption by regular expressions with utf8 characters↗2008-04-24

▶