CVE-2004-2022

Name of the Vulnerable Software and Affected Versions ActivePerl versions 5.8.x and earlier Perl version 5.6.1 and others

Description The issue allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the system command, leading to a stack-based buffer overflow. It is unclear whether this bug is in Perl or the OS API used by Perl.

Recommendations For ActivePerl versions 5.8.x and earlier, consider restricting the use of the system command until a patch is available. For Perl version 5.6.1 and others, avoid using long arguments with the system command to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.