CVE-2005-3962

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

CVSS v2.0 4.6 MEDIUM

4.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 3.9 / Impact : 6.4

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://secunia.com/advisories/17762	Vendor Advisory
http://secunia.com/advisories/17802	Vendor Advisory
http://secunia.com/advisories/17844	Vendor Advisory
http://secunia.com/advisories/17941	Vendor Advisory
http://secunia.com/advisories/17952	Vendor Advisory
http://secunia.com/advisories/17993	Vendor Advisory
http://secunia.com/advisories/18075	Vendor Advisory
http://secunia.com/advisories/18183	Vendor Advisory
http://secunia.com/advisories/18187	Vendor Advisory
http://secunia.com/advisories/18295	Vendor Advisory
http://secunia.com/advisories/18413	Vendor Advisory
http://secunia.com/advisories/18517	Vendor Advisory
http://secunia.com/advisories/19041	Vendor Advisory
http://secunia.com/advisories/20894	Vendor Advisory
http://secunia.com/advisories/23155	Vendor Advisory
http://secunia.com/advisories/31208	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2006/dsa-943
http://www.dyadsecurity.com/perl-0002.html	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.kb.cert.org/vuls/id/948385	US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.osvdb.org/21345
http://www.osvdb.org/22255
http://www.redhat.com/support/errata/RHSA-2005-880.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html	Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/bid/15629
http://www.trustix.org/errata/2005/0070
http://www.us-cert.gov/cas/techalerts/TA06-333A.html	US Government Resource
http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613	Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
https://usn.ubuntu.com/222-1/
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
http://docs.info.apple.com/article.html?artnum=304829
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html
http://marc.info/?l=full-disclosure&m=113342788118630&w=2
http://secunia.com/advisories/17762	Vendor Advisory
http://secunia.com/advisories/17802	Vendor Advisory
http://secunia.com/advisories/17844	Vendor Advisory
http://secunia.com/advisories/17941	Vendor Advisory
http://secunia.com/advisories/17952	Vendor Advisory
http://secunia.com/advisories/17993	Vendor Advisory
http://secunia.com/advisories/18075	Vendor Advisory
http://secunia.com/advisories/18183	Vendor Advisory
http://secunia.com/advisories/18187	Vendor Advisory
http://secunia.com/advisories/18295	Vendor Advisory
http://secunia.com/advisories/18413	Vendor Advisory
http://secunia.com/advisories/18517	Vendor Advisory
http://secunia.com/advisories/19041	Vendor Advisory
http://secunia.com/advisories/20894	Vendor Advisory
http://secunia.com/advisories/23155	Vendor Advisory
http://secunia.com/advisories/31208	Vendor Advisory
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm
http://www.debian.org/security/2006/dsa-943
http://www.dyadsecurity.com/perl-0002.html	Patch Vendor Advisory
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml
http://www.ipcop.org/index.php?name=News&file=article&sid=41
http://www.kb.cert.org/vuls/id/948385	US Government Resource
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225
http://www.novell.com/linux/security/advisories/2005_29_sr.html
http://www.novell.com/linux/security/advisories/2005_71_perl.html
http://www.openbsd.org/errata37.html#perl
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html
http://www.osvdb.org/21345
http://www.osvdb.org/22255
http://www.redhat.com/support/errata/RHSA-2005-880.html	Vendor Advisory
http://www.redhat.com/support/errata/RHSA-2005-881.html	Vendor Advisory
http://www.securityfocus.com/archive/1/418333/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/archive/1/438726/100/0/threaded
http://www.securityfocus.com/bid/15629
http://www.trustix.org/errata/2005/0070
http://www.us-cert.gov/cas/techalerts/TA06-333A.html	US Government Resource
http://www.vupen.com/english/advisories/2005/2688
http://www.vupen.com/english/advisories/2006/0771
http://www.vupen.com/english/advisories/2006/2613	Vendor Advisory
http://www.vupen.com/english/advisories/2006/4750
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074
https://usn.ubuntu.com/222-1/
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:perl:perl:5.8.6:::::::*
	cpe:2.3:a:perl:perl:5.9.2:::::::*

History

21 Nov 2024, 00:03

Information

Published : 2005-12-01 17:03

Updated : 2025-04-03 01:03

NVD link : CVE-2005-3962

Mitre link : CVE-2005-3962

CVE.ORG link : CVE-2005-3962

JSON object : View

Products Affected

perl

perl

CWE

CWE-189

Numeric Errors

4.6 /10