4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
51.6%
The Perl interpreter contains a flaw that may increase the impact of format string vulnerabilities in programs written in Perl.
Perl is a programming language used in many applications and commonly used for web applications. The Perl interpreter, which interprets and executes Perl programs, contains an integer sign error in its format string processing for formatted I/O.
An attacker may leverage this vulnerability to increase the impact a format string vulnerability in a Perl program. This vulnerability in the Perl interpreter is not directly exploitable.
Patch the Perl interpreter per vendor instructions.
948385
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: December 28, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
For Fedora Core 4, consult FEDORA-2005-1144, which updates the remediation described in FEDORA-2005-1113.
For Fedora Core 3, consult FEDORA-2005-1145, which updates the remediation described in FEDORA-2005-1117.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 08, 2005
Statement Date: December 08, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Consult GLSA 200512-01 for vulnerability details and remediation instructions.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 28, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Consult MDKSA-2005:225 for information about updated Perl packages.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 06, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Consult OpenPKG-SA-2005.025 for vulnerability details and remediation instructions.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Notified: December 01, 2005 Updated: December 28, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
In a Dec 15, 2005 stamement, the Perl Foundation reports patches are available addressing this vulnerability.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 28, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
For Red Hat Desktop v. 4 and Enterprise Linux v. 4, consult RHSA-2005:880 for remedition instructions…
For Red Hat Desktop v. 3 and Enterprise Linux v. 3, consult RHSA-2005:881 for remedition instructions…
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 28, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Consult SUSE-SA:2005:071 for remediation instructions.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 28, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Consult Trustix Secure Linux Security Advisory #2005-0070 for update Perl package information.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Updated: December 06, 2005
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Consult Ubuntu Security Notice USN-222-1 for vulnerability details and remediation instructions.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23948385 Feedback>).
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:ND/CR:ND/IR:ND/AR:ND |
Thanks to Jack Louis of Dyad Security, Inc. for reporting this vulnerability.
This document was written by Hal Burch.
CVE IDs: | CVE-2005-3962 |
---|---|
Date Public: | 2005-12-01 Date First Published: |