CVE-2010-4777

2014-02-1018:15:08

CWE-20

mitre

web.nvd.nist.gov

vulnerability

denial of service

perl

nvd

cve-2010-4777

assertion failure

application exit

debugging

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

AI Score

6.4

Confidence

High

EPSS

0.005

Percentile

77.2%

JSON

The Perl_reg_numbered_buff_fetch function in Perl 5.10.0, 5.12.0, 5.14.0, and other versions, when running with debugging enabled, allows context-dependent attackers to cause a denial of service (assertion failure and application exit) via crafted input that is not properly handled when using certain regular expressions, as demonstrated by causing SpamAssassin and OCSInventory to crash.

Affected configurations

Nvd

Node

perlperlMatch5.10

perlperlMatch5.12.0

perlperlMatch5.14.0

VendorProductVersionCPE
perlperl5.10cpe:2.3:a:perl:perl:5.10:*:*:*:*:*:*:*
perlperl5.12.0cpe:2.3:a:perl:perl:5.12.0:*:*:*:*:*:*:*
perlperl5.14.0cpe:2.3:a:perl:perl:5.14.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
perl	perl	5.10	cpe:2.3:a:perl:perl:5.10:::::::*
perl	perl	5.12.0	cpe:2.3:a:perl:perl:5.12.0:::::::*
perl	perl	5.14.0	cpe:2.3:a:perl:perl:5.14.0:::::::*