CVE-2012-5195 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources

Severity

7.5HIGHNVD

EPSS

5.3%

top 9.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl

Timeline

PublishedDec 18

Latest updateMay 17

Description

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/perl< perl 5.14.2-14 (bookworm)

▶Debianperl/perl< 5.14.2-14+3

▶NVDperl/perl8 versions+7

Patches

Patch: perl5.git.perl.org ↗Patch: perl5.git.perl.org ↗

🔴Vulnerability Details

GHSA

GHSA-6768-qw7m-q528: Heap-based buffer overflow in the Perl_repeatcpy function in util↗2022-05-17

▶

OSV

CVE-2012-5195: Heap-based buffer overflow in the Perl_repeatcpy function in util↗2012-12-18

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2012-11-30

▶

Red Hat

perl: heap buffer overrun flaw may lead to arbitrary code execution↗2012-10-10

▶

Debian

CVE-2012-5195: perl - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12...↗2012

▶

💬Community

Bugzilla

CVE-2012-5195 perl: heap buffer overrun flaw may lead to arbitrary code execution↗2012-10-02

▶