Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2005-3962

Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.

Published

2005-12-01T17:03:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.6 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:P/A:P

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

3.9

Impact Score

6.4

Weaknesses

Type: Primary
CWE-189

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	perl	perl	5.8.6	Yes
Application	perl	perl	5.9.2	Yes

References

ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch ([email protected])
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch ([email protected])
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ([email protected])
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 ([email protected])
http://docs.info.apple.com/article.html?artnum=304829 ([email protected])
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html ([email protected])
http://marc.info/?l=full-disclosure&m=113342788118630&w=2 ([email protected])
http://secunia.com/advisories/17762 Vendor Advisory ([email protected])
http://secunia.com/advisories/17802 Vendor Advisory ([email protected])
http://secunia.com/advisories/17844 Vendor Advisory ([email protected])
http://secunia.com/advisories/17941 Vendor Advisory ([email protected])
http://secunia.com/advisories/17952 Vendor Advisory ([email protected])
http://secunia.com/advisories/17993 Vendor Advisory ([email protected])
http://secunia.com/advisories/18075 Vendor Advisory ([email protected])
http://secunia.com/advisories/18183 Vendor Advisory ([email protected])
http://secunia.com/advisories/18187 Vendor Advisory ([email protected])
http://secunia.com/advisories/18295 Vendor Advisory ([email protected])
http://secunia.com/advisories/18413 Vendor Advisory ([email protected])
http://secunia.com/advisories/18517 Vendor Advisory ([email protected])
http://secunia.com/advisories/19041 Vendor Advisory ([email protected])
http://secunia.com/advisories/20894 Vendor Advisory ([email protected])
http://secunia.com/advisories/23155 Vendor Advisory ([email protected])
http://secunia.com/advisories/31208 Vendor Advisory ([email protected])
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 ([email protected])
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm ([email protected])
http://www.debian.org/security/2006/dsa-943 ([email protected])
http://www.dyadsecurity.com/perl-0002.html Patch, Vendor Advisory ([email protected])
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml ([email protected])
http://www.ipcop.org/index.php?name=News&file=article&sid=41 ([email protected])
http://www.kb.cert.org/vuls/id/948385 US Government Resource ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 ([email protected])
http://www.novell.com/linux/security/advisories/2005_29_sr.html ([email protected])
http://www.novell.com/linux/security/advisories/2005_71_perl.html ([email protected])
http://www.openbsd.org/errata37.html#perl ([email protected])
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html ([email protected])
http://www.osvdb.org/21345 ([email protected])
http://www.osvdb.org/22255 ([email protected])
http://www.redhat.com/support/errata/RHSA-2005-880.html Vendor Advisory ([email protected])
http://www.redhat.com/support/errata/RHSA-2005-881.html Vendor Advisory ([email protected])
http://www.securityfocus.com/archive/1/418333/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/438726/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/438726/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/15629 ([email protected])
http://www.trustix.org/errata/2005/0070 ([email protected])
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource ([email protected])
http://www.vupen.com/english/advisories/2005/2688 ([email protected])
http://www.vupen.com/english/advisories/2006/0771 ([email protected])
http://www.vupen.com/english/advisories/2006/2613 Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2006/4750 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 ([email protected])
https://usn.ubuntu.com/222-1/ ([email protected])
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html ([email protected])
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.7/common/007_perl.patch (af854a3a-2127-422b-91ae-364da2661108)
ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.8/common/001_perl.patch (af854a3a-2127-422b-91ae-364da2661108)
ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U (af854a3a-2127-422b-91ae-364da2661108)
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056 (af854a3a-2127-422b-91ae-364da2661108)
http://docs.info.apple.com/article.html?artnum=304829 (af854a3a-2127-422b-91ae-364da2661108)
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html (af854a3a-2127-422b-91ae-364da2661108)
http://marc.info/?l=full-disclosure&m=113342788118630&w=2 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17762 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17802 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17844 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17941 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17952 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/17993 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18075 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18183 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18187 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18295 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18413 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/18517 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/19041 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/20894 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/23155 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/31208 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102192-1 (af854a3a-2127-422b-91ae-364da2661108)
http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2006/dsa-943 (af854a3a-2127-422b-91ae-364da2661108)
http://www.dyadsecurity.com/perl-0002.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.gentoo.org/security/en/glsa/glsa-200512-01.xml (af854a3a-2127-422b-91ae-364da2661108)
http://www.ipcop.org/index.php?name=News&file=article&sid=41 (af854a3a-2127-422b-91ae-364da2661108)
http://www.kb.cert.org/vuls/id/948385 US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:225 (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2005_29_sr.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.novell.com/linux/security/advisories/2005_71_perl.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openbsd.org/errata37.html#perl (af854a3a-2127-422b-91ae-364da2661108)
http://www.openpkg.org/security/OpenPKG-SA-2005.025-perl.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/21345 (af854a3a-2127-422b-91ae-364da2661108)
http://www.osvdb.org/22255 (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2005-880.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.redhat.com/support/errata/RHSA-2005-881.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/418333/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438726/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/438726/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/15629 (af854a3a-2127-422b-91ae-364da2661108)
http://www.trustix.org/errata/2005/0070 (af854a3a-2127-422b-91ae-364da2661108)
http://www.us-cert.gov/cas/techalerts/TA06-333A.html US Government Resource (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2005/2688 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/0771 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/2613 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2006/4750 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10598 (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1074 (af854a3a-2127-422b-91ae-364da2661108)
https://usn.ubuntu.com/222-1/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-legacy-announce/2006-February/msg00008.html (af854a3a-2127-422b-91ae-364da2661108)