CVE-2011-0761
published 2011-05-13CVE-2011-0761: Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject…
PriorityP425medium5CVSS 2.0
AVNACLAuNCNINAP
EXPLOIT
EPSS
8.88%
94.6th percentile
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perl | < perl 5.12.0-1 (bookworm) | perl 5.12.0-1 (bookworm) |
| perl | perl | — | — |
| perl | perl | — | — |
| perl | perl | >= 0 < 5.12.0-1 | 5.12.0-1 |
| perl | perl | >= 0 < 5.12.0-1 | 5.12.0-1 |
| perl | perl | >= 0 < 5.12.0-1 | 5.12.0-1 |
| perl | perl | >= 0 < 5.12.0-1 | 5.12.0-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv5.0MEDIUM
vendor_debian5.0LOW
vendor_redhat5.0MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Red Hat
perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value
vendor_redhat·2011-05-03·CVSS 5.0
CVE-2011-0761 [MEDIUM] CWE-476 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value
perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
Statement: Red Hat does not consider this problem to be a security issue. Input passed to these functions should be under the full control of the script author, therefore no trust boundary is crossed.
Package: perl (Red Hat Enterprise Linux 4) - Not affected
Package: perl (Red Hat Enterprise Linux 5) - Not affected
Package: perl (Red Hat Enterprise Linux 6) - Will not fix
Package: perl (Red Hat Enterprise Linux 7) -
Debian
CVE-2011-0761: perl - Perl 5.10.x allows context-dependent attackers to cause a denial of service (NUL...
vendor_debian·2011·CVSS 5.0
CVE-2011-0761 [MEDIUM] CVE-2011-0761: perl - Perl 5.10.x allows context-dependent attackers to cause a denial of service (NUL...
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
Scope: local
bookworm: resolved (fixed in 5.12.0-1)
bullseye: resolved (fixed in 5.12.0-1)
forky: resolved (fixed in 5.12.0-1)
sid: resolved (fixed in 5.12.0-1)
trixie: resolved (fixed in 5.12.0-1)
GHSA
GHSA-mmv5-472c-pf4c: Perl 5
ghsa_unreviewed·2022-05-14
CVE-2011-0761 [MEDIUM] GHSA-mmv5-472c-pf4c: Perl 5
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
OSV
CVE-2011-0761: Perl 5
osv·2011-05-13·CVSS 5.0
CVE-2011-0761 [MEDIUM] CVE-2011-0761: Perl 5
Perl 5.10.x allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) by leveraging an ability to inject arguments into a (1) getpeername, (2) readdir, (3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir function call.
No detection rules found.
Bugzilla
CVE-2011-0761 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value
bugzilla·2011-05-16·CVSS 5.0
CVE-2011-0761 [MEDIUM] CVE-2011-0761 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value
CVE-2011-0761 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-0761 to
the following vulnerability:
Perl 5.10.x allows context-dependent attackers to cause a denial of
service (NULL pointer dereference and application crash) by leveraging
an ability to inject arguments into a (1) getpeername, (2) readdir,
(3) closedir, (4) getsockname, (5) rewinddir, (6) tell, or (7) telldir
function call.
References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0761
[2] http://www.securityfocus.com/archive/1/archive/1/517916/100/0/threaded
[3] http://www.toucan-system.com/advisories/tssa-2011-03.txt
[4] http://www.securityfocus.com/bid/47766
[5] http://securitytracker.com/id?1025507
[6] ht
Bugzilla
CVE-2011-0761 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value [fedora-13]
bugzilla·2011-05-16·CVSS 5.0
CVE-2011-0761 [MEDIUM] CVE-2011-0761 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value [fedora-13]
CVE-2011-0761 perl: NULL pointer dereference via crafted SOCKET, DIRHANDLE or FILEHANDLE value [fedora-13]
fedora-13 tracking bug for perl: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
This message is a reminder that Fedora 13 is nearing its end of life.
Approximately 30 (thirty) days from now Fedora will stop maintaining
and issuing updates for Fedora 13. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora
'version' of '13'.
Package Maintainer: If you wish for this bug to remain open becaus
http://securityreason.com/securityalert/8248http://securitytracker.com/id?1025507http://www.securityfocus.com/archive/1/517916/100/0/threadedhttp://www.securityfocus.com/bid/47766http://www.toucan-system.com/advisories/tssa-2011-03.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/67355http://securityreason.com/securityalert/8248http://securitytracker.com/id?1025507http://www.securityfocus.com/archive/1/517916/100/0/threadedhttp://www.securityfocus.com/bid/47766http://www.toucan-system.com/advisories/tssa-2011-03.txthttps://exchange.xforce.ibmcloud.com/vulnerabilities/67355
2011-05-13
Published