Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-4777Improper Input Validation in Perl

CWE-20Improper Input Validation8 documents7 sources
Severity
4.3MEDIUMNVD
EPSS
5.5%
top 9.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
PerlDebian Perl
Timeline
PublishedFeb 10
Latest updateMay 17

Description

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

debiandebian/perl< perl 5.20.1-1 (bookworm)
Debianperl/perl< 5.20.1-1+3
NVDperl/perl5.10, 5.12.0, 5.14.0+2

🔴Vulnerability Details

2
GHSA
GHSA-r32j-2hp8-5qh2: The Perl_reg_numbered_buff_fetch function in Perl 52022-05-17
OSV
CVE-2010-4777: The Perl_reg_numbered_buff_fetch function in Perl 52014-02-10

💥Exploits & PoCs

2
Exploit-DB
Perl 5.x - 'Perl_reg_numbered_buff_fetch()' Remote Denial of Service2011-03-23
Exploit-DB
Microsoft Internet Explorer - Daxctle.OCX KeyFrame Method Heap Buffer Overflow (MS06-067) (Metasploit)2010-07-16

📋Vendor Advisories

2
Red Hat
perl: assertion failure with certain regular expressions2010-07-16
Debian
CVE-2010-4777: perl - The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and ot...2010

💬Community

1
Bugzilla
CVE-2010-4777 perl: assertion failure with certain regular expressions2011-04-06