CVE-2014-4330 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-674 — Uncontrolled Recursion10 documents7 sources

Severity

2.1LOWNVD

OSV7.5

EPSS

0.1%

top 69.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl Data Dumper Project Data Dumper

Timeline

PublishedSep 30

Latest updateMay 14

Description

The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶NVDdata_dumper_project/data_dumper2.151

▶debiandebian/perl< perl 5.20.1-1 (bookworm)

▶Debianperl/perl< 5.20.1-1+3

▶Ubuntuperl/perl< 5.18.2-2ubuntu1.1

▶NVDperl/perl5.20.1

🔴Vulnerability Details

GHSA

GHSA-gxvp-m937-jg9v: The Dumper method in Data::Dumper before 2↗2022-05-14

▶

OSV

perl vulnerabilities↗2016-03-02

▶

OSV

CVE-2014-4330: The Dumper method in Data::Dumper before 2↗2014-09-30

▶

📋Vendor Advisories

Ubuntu

Perl vulnerabilities↗2016-03-02

▶

Red Hat

perl-Data-Dumper: deep recursion stack overflow↗2014-09-18

▶

Debian

CVE-2014-4330: perl - The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earli...↗2014

▶

💬Community

Bugzilla

CVE-2014-4330 perl-Data-Dumper: deep recursion stack overflow [fedora-all]↗2014-09-22

▶

Bugzilla

CVE-2014-4330 perl-Data-Dumper: deep recursion stack overflow [epel-all]↗2014-09-22

▶

Bugzilla

CVE-2014-4330 perl-Data-Dumper: deep recursion stack overflow↗2014-09-09

▶