CVE-2011-2939 — Heap-based Buffer Overflow in Libencode-perl

CWE-189 CWE-122 — Heap-based Buffer Overflow8 documents7 sources

Severity

5.1MEDIUMNVD

EPSS

6.6%

top 8.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Libencode-perl Debian Perl +1 more

Timeline

PublishedJan 13

Latest updateMay 14

Description

Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages5 packages

▶debiandebian/libencode-perl< libencode-perl 2.44-1 (bookworm)

▶NVDdan_kogai/encode_module2.43+117

▶debiandebian/perl< libencode-perl 2.44-1 (bookworm)

▶Debianperl/perl< 5.12.4-4+3

▶NVDperl/perl5.14.2+38

Patches

Patch: perl5.git.perl.org ↗Patch: www.openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-76hr-qp66-cq6j: Off-by-one error in the decode_xs function in Unicode/Unicode↗2022-05-14

▶

OSV

CVE-2011-2939: Off-by-one error in the decode_xs function in Unicode/Unicode↗2012-01-13

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2012-11-30

▶

Red Hat

Perl decode_xs heap-based buffer overflow↗2011-08-09

▶

Debian

CVE-2011-2939: libencode-perl - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode m...↗2011

▶

💬Community

Bugzilla

CVE-2011-2939 Perl decode_xs heap-based buffer overflow [fedora-all]↗2011-10-04

▶

Bugzilla

CVE-2011-2939 Perl decode_xs heap-based buffer overflow↗2011-08-17

▶