CVE-2015-8608 — Out-of-bounds Read in Perl

CWE-125 — Out-of-bounds Read CWE-121 — Stack-based Buffer Overflow6 documents6 sources

Severity

9.8CRITICALNVD

EPSS

2.9%

top 13.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl

Timeline

PublishedFeb 7

Latest updateMay 13

Description

The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attackers to cause a denial of service (out-of-bounds read) and possibly execute arbitrary code via a crafted (1) drive letter or (2) pInName argument.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDperl/perl5.22

▶debiandebian/perl

Patches

Patch: rt.perl.org ↗Patch: rt.perl.org ↗

🔴Vulnerability Details

GHSA

GHSA-523x-9jc5-mf89: The VDir::MapPathA and VDir::MapPathW functions in Perl 5↗2022-05-13

▶

CVEList

CVE-2015-8608: The VDir::MapPathA and VDir::MapPathW functions in Perl 5↗2017-02-07

▶

📋Vendor Advisories

Red Hat

perl: out-of-bounds read and buffer overflow in functions VDir::MapPathA and VDir::MapPathW via a crafted drive letter or a pInName argument↗2016-01-11

▶

Debian

CVE-2015-8608: perl - The VDir::MapPathA and VDir::MapPathW functions in Perl 5.22 allow remote attack...↗2015

▶

💬Community

Bugzilla

CVE-2015-8608 perl: out-of-bounds read and buffer overflow in functions VDir::MapPathA and VDir::MapPathW via a crafted drive letter or a pInName argument↗2020-07-15

▶