CVE-2017-12814 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Perl

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

6.1%

top 9.24%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Perl Debian Perl

Timeline

PublishedSep 28

Latest updateMay 13

Description

Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in Perl before 5.24.3-RC1 and 5.26.x before 5.26.1-RC1 on Windows allows attackers to execute arbitrary code via a long environment variable.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶NVDperl/perl5.24.2+1

▶debiandebian/perl

Patches

Patch: rt.perl.org ↗Patch: rt.perl.org ↗

🔴Vulnerability Details

GHSA

GHSA-6g5g-x3hj-6v2x: Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost↗2022-05-13

▶

CVEList

CVE-2017-12814: Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost↗2017-09-27

▶

📋Vendor Advisories

Debian

CVE-2017-12814: perl - Stack-based buffer overflow in the CPerlHost::Add method in win32/perlhost.h in ...↗2017

▶