CVE-2009-3626 — Perl vulnerability

7 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl

Timeline

PublishedOct 29

Latest updateMay 2

Description

Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/perl< perl 5.10.1-6 (bookworm)

▶Debianperl/perl< 5.10.1-6+3

▶NVDperl/perl5.10.1

Patches

Patch: perl5.git.perl.org ↗Patch: www.vupen.com ↗Patch: perl5.git.perl.org ↗

🔴Vulnerability Details

GHSA

GHSA-pr3m-646v-qvfc: Perl 5↗2022-05-02

▶

OSV

CVE-2009-3626: Perl 5↗2009-10-29

▶

📋Vendor Advisories

Debian

CVE-2009-3626: perl - Perl 5.10.1 allows context-dependent attackers to cause a denial of service (app...↗2009

▶

Red Hat

perl: regexp matcher crash on invalid UTF-8 characters↗

▶

💬Community

Bugzilla

CVE-2009-3626 perl: regexp matcher crash on invalid UTF-8 characters↗2009-12-15

▶

Bugzilla

CVE-2009-3627 perl-HTML-Parser: Production of invalid (wide) character(s) while parsing HTML entity(ies) with invalid UTF-8 character(s)↗2009-10-23

▶