CVSS2: 7.5 High
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score: 9.7 High (Confidence: High)
EPSS: 0.036 Low (Percentile: 91.6%)

It was discovered that the decode_xs function in the Encode module is
vulnerable to a heap-based buffer overflow via a crafted Unicode string.
An attacker could use this overflow to cause a denial of service.
(CVE-2011-2939)

It was discovered that the 'new' constructor in the Digest module is
vulnerable to an eval injection. An attacker could use this to execute
arbitrary code. (CVE-2011-3597)

It was discovered that Perl's 'x' string repeat operator is vulnerable
to a heap-based buffer overflow. An attacker could use this to execute
arbitrary code. (CVE-2012-5195)

Ryo Anazawa discovered that the CGI.pm module does not properly escape
newlines in Set-Cookie or P3P (Platform for Privacy Preferences Project)
headers. An attacker could use this to inject arbitrary headers into
responses from applications that use CGI.pm. (CVE-2012-5526)

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Ubuntu | 8.04 | noarch | perl | < 5.8.8-12ubuntu0.7 | UNKNOWN |
Ubuntu | 8.04 | noarch | libperl-dev | < 5.8.8-12ubuntu0.7 | UNKNOWN |
Ubuntu | 8.04 | noarch | libperl5.8 | < 5.8.8-12ubuntu0.7 | UNKNOWN |
Ubuntu | 8.04 | noarch | perl-base | < 5.8.8-12ubuntu0.7 | UNKNOWN |
Ubuntu | 8.04 | noarch | perl-debug | < 5.8.8-12ubuntu0.7 | UNKNOWN |
Ubuntu | 8.04 | noarch | perl-suid | < 5.8.8-12ubuntu0.7 | UNKNOWN |
Ubuntu | 12.10 | noarch | perl | < 5.14.2-13ubuntu0.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | libperl-dev | < 5.14.2-13ubuntu0.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | libperl5.14 | < 5.14.2-13ubuntu0.1 | UNKNOWN |
Ubuntu | 12.10 | noarch | perl-base | < 5.14.2-13ubuntu0.1 | UNKNOWN |